对表格数据进行去标识化的示例

敏感数据保护可以检测结构化数据中的敏感数据,对其进行分类和去标识化。对表形式的内容进行去标识化时,结构和列可为敏感数据保护提供额外的线索,从而可能在某些用例中提供更好的结果。例如,您可以扫描单个列(而不是整个表结构)中的特定数据类型。

本主题将提供有关如何配置对结构化文本中的敏感数据进行去标识化的示例。去标识化通过记录转换来启用。这些转换应用于表格文本数据中标识为特定 infoType 的值,或应用于整列表格数据。

本主题还将提供使用了加密哈希方法的表格数据转换示例。加密转换方法是独一无二的,因为它们需要加密密钥。

以下示例中给定的 JSON 可以插入到任何去标识化请求的 "deidentifyConfig" (DeidentifyConfig) 特性中。如需在 API Explorer 中试用示例 JSON,请点击“API Explorer 示例”。

在不进行检查的情况下转换列

要转换内容已知的特定列,您可以跳过检查并直接指定转换。表下方的示例以 10 为增量对“幸福评分”列进行分桶。

输入 转换后的表
年龄 患者 幸福指数
101 查尔斯·狄更斯 95
22 简·奥斯汀 21
55 马克·吐温 75
年龄 患者 幸福指数
101 查尔斯·狄更斯 90:100
22 简·奥斯汀 20:30
55 马克·吐温 70:80

C#

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证


using System;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;

public class DeidentifyUsingTableBucketing
{
    public static Table DeidentifyData(
        string projectId,
        Table tableToInspect = null)
    {
        // Instantiate dlp client.
        var dlp = DlpServiceClient.Create();

        // Construct the table if null.
        if (tableToInspect == null)
        {
            var row1 = new Value[]
            {
                new Value { StringValue = "101" },
                new Value { StringValue = "Charles Dickens" },
                new Value { StringValue = "95" }
            };
            var row2 = new Value[]
            {
                new Value { StringValue = "22" },
                new Value { StringValue = "Jane Austin" },
                new Value { StringValue = "21" }
            };
            var row3 = new Value[]
            {
                new Value { StringValue = "55" },
                new Value { StringValue = "Mark Twain" },
                new Value { StringValue = "75" }
            };

            tableToInspect = new Table
            {
                Headers =
                {
                    new FieldId { Name = "AGE" },
                    new FieldId { Name = "PATIENT" },
                    new FieldId { Name = "HAPPINESS SCORE" }
                },
                Rows =
                {
                    new Table.Types.Row { Values = { row1 } },
                    new Table.Types.Row { Values = { row2 } },
                    new Table.Types.Row { Values = { row3 } }
                }
            };
        }

        // Construct the table content item.
        var contentItem = new ContentItem { Table = tableToInspect };

        // Specify how the content should be de-identified.
        var fixedSizeBucketingConfig = new FixedSizeBucketingConfig
        {
            BucketSize = 10,
            LowerBound = new Value { IntegerValue = 0 },
            UpperBound = new Value { IntegerValue = 100 },
        };

        // Specify the fields to be encrypted.
        var fields = new FieldId[] { new FieldId { Name = "HAPPINESS SCORE" } };

        // Associate the encryption with the specified field.
        var fieldTransformation = new FieldTransformation
        {
            PrimitiveTransformation = new PrimitiveTransformation
            {
                FixedSizeBucketingConfig = fixedSizeBucketingConfig
            },
            Fields = { fields }
        };

        // Construct the deidentify config.
        var deidentifyConfig = new DeidentifyConfig
        {
            RecordTransformations = new RecordTransformations
            {
                FieldTransformations = { fieldTransformation }
            }
        };

        // Construct the request.
        var request = new DeidentifyContentRequest
        {
            ParentAsLocationName = new LocationName(projectId, "global"),
            DeidentifyConfig = deidentifyConfig,
            Item = contentItem,
        };

        // Call the API.
        var response = dlp.DeidentifyContent(request);

        // Inspect the response.
        Console.WriteLine(response.Item.Table);

        return response.Item.Table;
    }
}

Go

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

import (
	"context"
	"fmt"
	"io"

	dlp "cloud.google.com/go/dlp/apiv2"
	"cloud.google.com/go/dlp/apiv2/dlppb"
)

// deIdentifyTableBucketing de-identifies data using table bucketing
func deIdentifyTableBucketing(w io.Writer, projectID string) error {
	// projectId := "your-project-id"
	// table := "your-table-value"

	row1 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "22"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Jane Austen"}},
			{Type: &dlppb.Value_StringValue{StringValue: "21"}},
		},
	}

	row2 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "55"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Mark Twain"}},
			{Type: &dlppb.Value_StringValue{StringValue: "75"}},
		},
	}

	row3 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "101"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Charles Dickens"}},
			{Type: &dlppb.Value_StringValue{StringValue: "95"}},
		},
	}

	table := &dlppb.Table{
		Headers: []*dlppb.FieldId{
			{Name: "AGE"},
			{Name: "PATIENT"},
			{Name: "HAPPINESS SCORE"},
		},
		Rows: []*dlppb.Table_Row{
			{Values: row1.Values},
			{Values: row2.Values},
			{Values: row3.Values},
		},
	}

	ctx := context.Background()

	// Initialize a client once and reuse it to send multiple requests. Clients
	// are safe to use across goroutines. When the client is no longer needed,
	// call the Close method to cleanup its resources.
	client, err := dlp.NewClient(ctx)
	if err != nil {
		return err
	}

	// Closing the client safely cleans up background resources.
	defer client.Close()

	// Specify what content you want the service to de-identify.
	contentItem := &dlppb.ContentItem{
		DataItem: &dlppb.ContentItem_Table{
			Table: table,
		},
	}

	// Specify how the content should be de-identified.
	fixedSizeBucketingConfig := &dlppb.FixedSizeBucketingConfig{
		BucketSize: 10,
		LowerBound: &dlppb.Value{
			Type: &dlppb.Value_IntegerValue{
				IntegerValue: 0,
			},
		},
		UpperBound: &dlppb.Value{
			Type: &dlppb.Value_IntegerValue{
				IntegerValue: 100,
			},
		},
	}
	primitiveTransformation := &dlppb.PrimitiveTransformation_FixedSizeBucketingConfig{
		FixedSizeBucketingConfig: fixedSizeBucketingConfig,
	}

	// Specify field to be encrypted.
	fieldId := &dlppb.FieldId{
		Name: "HAPPINESS SCORE",
	}

	// Associate the encryption with the specified field.
	fieldTransformation := &dlppb.FieldTransformation{
		Transformation: &dlppb.FieldTransformation_PrimitiveTransformation{
			PrimitiveTransformation: &dlppb.PrimitiveTransformation{
				Transformation: primitiveTransformation,
			},
		},
		Fields: []*dlppb.FieldId{
			fieldId,
		},
	}

	recordTransformations := &dlppb.RecordTransformations{
		FieldTransformations: []*dlppb.FieldTransformation{
			fieldTransformation,
		},
	}

	// Construct the de-identification request to be sent by the client.
	req := &dlppb.DeidentifyContentRequest{
		Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
		DeidentifyConfig: &dlppb.DeidentifyConfig{
			Transformation: &dlppb.DeidentifyConfig_RecordTransformations{
				RecordTransformations: recordTransformations,
			},
		},
		Item: contentItem,
	}
	// Send the request.
	resp, err := client.DeidentifyContent(ctx, req)
	if err != nil {
		return err
	}

	// Print the results.
	fmt.Fprintf(w, "Table after de-identification : %v", resp.GetItem().GetTable())
	return nil
}

Java

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.FieldTransformation;
import com.google.privacy.dlp.v2.FixedSizeBucketingConfig;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;

public class DeIdentifyTableBucketing {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify =
        Table.newBuilder()
            .addHeaders(FieldId.newBuilder().setName("AGE").build())
            .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
            .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("101").build())
                    .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
                    .addValues(Value.newBuilder().setStringValue("95").build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("22").build())
                    .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
                    .addValues(Value.newBuilder().setStringValue("21").build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("55").build())
                    .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
                    .addValues(Value.newBuilder().setStringValue("75").build())
                    .build())
            .build();

    deIdentifyTableBucketing(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableBucketing(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify how the content should be de-identified.
      FixedSizeBucketingConfig fixedSizeBucketingConfig =
          FixedSizeBucketingConfig.newBuilder()
              .setBucketSize(10)
              .setLowerBound(Value.newBuilder().setIntegerValue(0).build())
              .setUpperBound(Value.newBuilder().setIntegerValue(100).build())
              .build();
      PrimitiveTransformation primitiveTransformation =
          PrimitiveTransformation.newBuilder()
              .setFixedSizeBucketingConfig(fixedSizeBucketingConfig)
              .build();

      // Specify field to be encrypted.
      FieldId fieldId = FieldId.newBuilder().setName("HAPPINESS SCORE").build();

      // Associate the encryption with the specified field.
      FieldTransformation fieldTransformation =
          FieldTransformation.newBuilder()
              .setPrimitiveTransformation(primitiveTransformation)
              .addFields(fieldId)
              .build();
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addFieldTransformations(fieldTransformation).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println("Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

Node.js

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');

// Initialize google DLP Client
const dlp = new DLP.DlpServiceClient();

// The project ID to run the API call under
// const projectId = 'my-project';

// Construct the tabular data
const tablularData = {
  headers: [{name: 'AGE'}, {name: 'PATIENT'}, {name: 'HAPPINESS SCORE'}],
  rows: [
    {
      values: [
        {integerValue: 101},
        {stringValue: 'Charles Dickens'},
        {integerValue: 95},
      ],
    },
    {
      values: [
        {integerValue: 22},
        {stringValue: 'Jane Austen'},
        {integerValue: 21},
      ],
    },
    {
      values: [
        {integerValue: 55},
        {stringValue: 'Mark Twain'},
        {integerValue: 75},
      ],
    },
  ],
};
async function deIdentifyTableBucketing() {
  // Specify field to be de-identified.
  const targetColumn = {name: 'HAPPINESS SCORE'};

  // Specify how the content should be de-identified.
  const bucketingConfig = {
    bucketSize: 10,
    lowerBound: {
      integerValue: 0,
    },
    upperBound: {
      integerValue: 100,
    },
  };

  const primitiveTransformation = {
    fixedSizeBucketingConfig: bucketingConfig,
  };

  // Combine configurations into a request for the service.
  const request = {
    parent: `projects/${projectId}/locations/global`,
    item: {
      table: tablularData,
    },
    deidentifyConfig: {
      recordTransformations: {
        fieldTransformations: [
          {
            fields: [targetColumn],
            primitiveTransformation,
          },
        ],
      },
    },
  };
  // Send the request and receive response from the service
  const [response] = await dlp.deidentifyContent(request);

  // Print the results.
  console.log(
    `Table after de-identification: ${JSON.stringify(response.item.table)}`
  );
}

deIdentifyTableBucketing();

PHP

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\DeidentifyConfig;
use Google\Cloud\Dlp\V2\DeidentifyContentRequest;
use Google\Cloud\Dlp\V2\FieldId;
use Google\Cloud\Dlp\V2\FieldTransformation;
use Google\Cloud\Dlp\V2\FixedSizeBucketingConfig;
use Google\Cloud\Dlp\V2\PrimitiveTransformation;
use Google\Cloud\Dlp\V2\RecordTransformations;
use Google\Cloud\Dlp\V2\Table;
use Google\Cloud\Dlp\V2\Table\Row;
use Google\Cloud\Dlp\V2\Value;

/**
 * De-identify data using table bucketing
 * Transform a column without inspection. To transform a column in which the content is
 * already known, you can skip inspection and specify a transformation directly.
 *
 * @param string $callingProjectId      The Google Cloud project id to use as a parent resource.
 * @param string $inputCsvFile          The input file(csv) path  to deidentify
 * @param string $outputCsvFile         The oupt file path to save deidentify content
 *
 */
function deidentify_table_bucketing(
    // TODO(developer): Replace sample parameters before running the code.
    string $callingProjectId,
    string $inputCsvFile = './test/data/table2.csv',
    string $outputCsvFile = './test/data/deidentify_table_bucketing_output.csv'
): void {
    // Instantiate a client.
    $dlp = new DlpServiceClient();

    // Read a CSV file
    $csvLines = file($inputCsvFile, FILE_IGNORE_NEW_LINES);
    $csvHeaders = explode(',', $csvLines[0]);
    $csvRows = array_slice($csvLines, 1);

    // Convert CSV file into protobuf objects
    $tableHeaders = array_map(function ($csvHeader) {
        return (new FieldId)
            ->setName($csvHeader);
    }, $csvHeaders);

    $tableRows = array_map(function ($csvRow) {
        $rowValues = array_map(function ($csvValue) {
            return (new Value())
                ->setStringValue($csvValue);
        }, explode(',', $csvRow));
        return (new Row())
            ->setValues($rowValues);
    }, $csvRows);

    // Construct the table object
    $tableToDeIdentify = (new Table())
        ->setHeaders($tableHeaders)
        ->setRows($tableRows);

    // Specify what content you want the service to de-identify.
    $contentItem = (new ContentItem())
        ->setTable($tableToDeIdentify);

    // Specify how the content should be de-identified.
    $fixedSizeBucketingConfig = (new FixedSizeBucketingConfig())
        ->setBucketSize(10)
        ->setLowerBound((new Value())
            ->setIntegerValue(10))
        ->setUpperBound((new Value())
            ->setIntegerValue(100));

    $primitiveTransformation = (new PrimitiveTransformation())
        ->setFixedSizeBucketingConfig($fixedSizeBucketingConfig);

    // Specify the field to to apply bucketing transform on
    $fieldId = (new FieldId())
        ->setName('HAPPINESS_SCORE');

    // Associate the encryption with the specified field.
    $fieldTransformation = (new FieldTransformation())
        ->setPrimitiveTransformation($primitiveTransformation)
        ->setFields([$fieldId]);

    $recordTransformations = (new RecordTransformations())
        ->setFieldTransformations([$fieldTransformation]);

    // Create the deidentification configuration object
    $deidentifyConfig = (new DeidentifyConfig())
        ->setRecordTransformations($recordTransformations);

    $parent = "projects/$callingProjectId/locations/global";

    // Run request
    $deidentifyContentRequest = (new DeidentifyContentRequest())
        ->setParent($parent)
        ->setDeidentifyConfig($deidentifyConfig)
        ->setItem($contentItem);
    $response = $dlp->deidentifyContent($deidentifyContentRequest);

    // Print results
    $csvRef = fopen($outputCsvFile, 'w');
    fputcsv($csvRef, $csvHeaders);
    foreach ($response->getItem()->getTable()->getRows() as $tableRow) {
        $values = array_map(function ($tableValue) {
            return $tableValue->getStringValue();
        }, iterator_to_array($tableRow->getValues()));
        fputcsv($csvRef, $values);
    };
    printf($outputCsvFile);
}

Python

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

from typing import Dict, List, Union

import google.cloud.dlp
from google.cloud.dlp_v2 import types

def deidentify_table_bucketing(
    project: str,
    table_data: Dict[str, Union[List[str], List[List[str]]]],
    deid_content_list: List[str],
    bucket_size: int,
    bucketing_lower_bound: int,
    bucketing_upper_bound: int,
) -> types.dlp.Table:
    """Uses the Data Loss Prevention API to de-identify sensitive data in a
    table by replacing them with fixed size bucket ranges.
    Args:
        project: The Google Cloud project id to use as a parent resource.
        table_data: Dictionary representing table data.
        deid_content_list: A list of fields in table to de-identify.
        bucket_size: Size of each bucket for fixed sized bucketing
            (except for minimum and maximum buckets). So if ``bucketing_lower_bound`` = 10,
            ``bucketing_upper_bound`` = 89, and ``bucket_size`` = 10, then the
            following buckets would be used: -10, 10-20, 20-30, 30-40,
            40-50, 50-60, 60-70, 70-80, 80-89, 89+.
       bucketing_lower_bound: Lower bound value of buckets.
       bucketing_upper_bound:  Upper bound value of buckets.

    Returns:
       De-identified table is returned;
       the response from the API is also printed to the terminal.

    Example:
    >> $ python deidentify_table_bucketing.py \
        '{"header": ["email", "phone number", "age"],
        "rows": [["robertfrost@example.com", "4232342345", "35"],
        ["johndoe@example.com", "4253458383", "68"]]}' \
        ["age"] 10 0 100
        >>  '{"header": ["email", "phone number", "age"],
            "rows": [["robertfrost@example.com", "4232342345", "30:40"],
            ["johndoe@example.com", "4253458383", "60:70"]]}'
    """

    # Instantiate a client.
    dlp = google.cloud.dlp_v2.DlpServiceClient()

    # Convert the project id into a full resource id.
    parent = f"projects/{project}/locations/global"

    # Construct the `table`. For more details on the table schema, please see
    # https://cloud.google.com/dlp/docs/reference/rest/v2/ContentItem#Table
    headers = [{"name": val} for val in table_data["header"]]
    rows = []
    for row in table_data["rows"]:
        rows.append({"values": [{"string_value": cell_val} for cell_val in row]})

    table = {"headers": headers, "rows": rows}

    # Construct the `item`.
    item = {"table": table}

    # Construct fixed sized bucketing configuration
    fixed_size_bucketing_config = {
        "bucket_size": bucket_size,
        "lower_bound": {"integer_value": bucketing_lower_bound},
        "upper_bound": {"integer_value": bucketing_upper_bound},
    }

    # Specify fields to be de-identified
    deid_content_list = [{"name": _i} for _i in deid_content_list]

    # Construct Deidentify Config
    deidentify_config = {
        "record_transformations": {
            "field_transformations": [
                {
                    "fields": deid_content_list,
                    "primitive_transformation": {
                        "fixed_size_bucketing_config": fixed_size_bucketing_config
                    },
                }
            ]
        }
    }

    # Call the API.
    response = dlp.deidentify_content(
        request={"parent": parent, "deidentify_config": deidentify_config, "item": item}
    )

    # Print the results.
    print(f"Table after de-identification: {response.item.table}")

    # Return the response.
    return response.item.table

API Explorer 示例

"deidentifyConfig":{
  "recordTransformations":{
    "fieldTransformations":[
      {
        "fields":[
          {
            "name":"HAPPINESS SCORE"
          }
        ],
        "primitiveTransformation":{
          "fixedSizeBucketingConfig":{
            "bucketSize":10,
            "lowerBound":{
              "integerValue":"0"
            },
            "upperBound":{
              "integerValue":"100"
            }
          }
        }
      }
    ]
  }
}

根据其他列的值转换某个列

您可以根据其他列的值转换某个列。下面这个示例会为所有 89 岁以上的患者隐去“幸福指数”。

输入 转换后的表
年龄 患者 幸福指数
101 查尔斯·狄更斯 95
22 简·奥斯汀 21
55 马克·吐温 75
年龄 患者 幸福指数
101 查尔斯·狄更斯 **
22 简·奥斯汀 21
55 马克·吐温 75

C#

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证


using System;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;

public class DeidentifyTableUsingMaskingAndLogic
{
    public static Table DeidentifyTable(
        string projectId,
        Table tableToInspect = null)
    {
        // Instantiate the client.
        var dlp = DlpServiceClient.Create();

        // Construct the table if null.
        if (tableToInspect == null)
        {
            var row1 = new Value[]
            {
                new Value { StringValue = "101" },
                new Value { StringValue = "Charles Dickens" },
                new Value { StringValue = "95" },
                new Value { StringValue = "Charles Dickens name was a curse invented by Shakespeare." }
            };
            var row2 = new Value[]
            {
                new Value { StringValue = "22" },
                new Value { StringValue = "Jane Austin" },
                new Value { StringValue = "21" },
                new Value { StringValue = "There are 14 kisses in Jane Austen's novels." }
            };
            var row3 = new Value[]
            {
                new Value { StringValue = "55" },
                new Value { StringValue = "Mark Twain" },
                new Value { StringValue = "75" },
                new Value { StringValue = "Mark Twain loved cats." }
            };

            tableToInspect = new Table
            {
                Headers =
                {
                    new FieldId { Name = "AGE" },
                    new FieldId { Name = "PATIENT" },
                    new FieldId { Name = "HAPPINESS SCORE" },
                    new FieldId { Name = "FACTOID" }
                },
                Rows =
                {
                    new Table.Types.Row { Values = { row1 } },
                    new Table.Types.Row { Values = { row2 } },
                    new Table.Types.Row { Values = { row3 } }
                }
            };
        }

        // Construct the table content item.
        var contentItem = new ContentItem { Table = tableToInspect };

        //Specify how the content should be de-identified.
        var primitiveTransformation = new PrimitiveTransformation
        {
            CharacterMaskConfig = new CharacterMaskConfig
            {
                MaskingCharacter = "*"
            }
        };

        // Specify the fields to be de-identified.
        var fields = new FieldId[] { new FieldId { Name = "HAPPINESS SCORE" } };

        // Specify when the above fields should be de-identified using condition.
        var condition = new RecordCondition.Types.Conditions
        {
            Conditions_ =
            {
                new RecordCondition.Types.Condition
                {
                    Field = new FieldId { Name = "AGE" },
                    Operator = RelationalOperator.GreaterThan,
                    Value = new Value { IntegerValue = 89 }
                }
            }
        };

        // Apply the condition to records
        var recordCondition = new RecordCondition
        {
            Expressions = new RecordCondition.Types.Expressions
            {
                Conditions = condition
            }
        };

        // Associate the de-identification and conditions with the specified fields.
        var deidentifiedConfig = new DeidentifyConfig
        {
            RecordTransformations = new RecordTransformations
            {
                FieldTransformations =
                {
                    new FieldTransformation
                    {
                        PrimitiveTransformation = primitiveTransformation,
                        Fields = { fields },
                        Condition = recordCondition
                    }
                }
            }
        };

        // Construct the request.
        var request = new DeidentifyContentRequest
        {
            ParentAsLocationName = new LocationName(projectId, "global"),
            DeidentifyConfig = deidentifiedConfig,
            Item = contentItem
        };

        // Call the API.
        var response = dlp.DeidentifyContent(request);

        // Inspect the response.
        Console.WriteLine(response.Item.Table);
        return response.Item.Table;
    }
}

Go

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

import (
	"context"
	"fmt"
	"io"

	dlp "cloud.google.com/go/dlp/apiv2"
	"cloud.google.com/go/dlp/apiv2/dlppb"
)

// deidentifyTableMaskingCondition de-identifies the table data using masking
// and conditional logic
func deidentifyTableMaskingCondition(w io.Writer, projectID string) error {
	// projectId := "your-project-id"

	row1 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "22"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Jane Austen"}},
			{Type: &dlppb.Value_StringValue{StringValue: "21"}},
		},
	}

	row2 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "55"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Mark Twain"}},
			{Type: &dlppb.Value_StringValue{StringValue: "75"}},
		},
	}

	row3 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "101"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Charles Dickens"}},
			{Type: &dlppb.Value_StringValue{StringValue: "95"}},
		},
	}

	table := &dlppb.Table{
		Headers: []*dlppb.FieldId{
			{Name: "AGE"},
			{Name: "PATIENT"},
			{Name: "HAPPINESS SCORE"},
		},
		Rows: []*dlppb.Table_Row{
			{Values: row1.Values},
			{Values: row2.Values},
			{Values: row3.Values},
		},
	}

	ctx := context.Background()

	// Initialize a client once and reuse it to send multiple requests. Clients
	// are safe to use across goroutines. When the client is no longer needed,
	// call the Close method to cleanup its resources.
	client, err := dlp.NewClient(ctx)
	if err != nil {
		return err
	}

	// Closing the client safely cleans up background resources.
	defer client.Close()

	// Specify what content you want the service to de-identify.
	contentItem := &dlppb.ContentItem{
		DataItem: &dlppb.ContentItem_Table{
			Table: table,
		},
	}

	// Specify how the content should be de-identified.
	charMaskConfig := &dlppb.CharacterMaskConfig{
		MaskingCharacter: "*",
	}
	primitiveTransformation := &dlppb.PrimitiveTransformation_CharacterMaskConfig{
		CharacterMaskConfig: charMaskConfig,
	}

	// Specify field to be de-identified.
	fieldId := &dlppb.FieldId{
		Name: "HAPPINESS SCORE",
	}

	// Apply the condition to the records present in table.
	recordCondition := &dlppb.RecordCondition_Condition{
		Field:    fieldId,
		Operator: dlppb.RelationalOperator_GREATER_THAN,
		Value: &dlppb.Value{
			Type: &dlppb.Value_IntegerValue{
				IntegerValue: 89,
			},
		},
	}

	expression := &dlppb.RecordCondition_Expressions{
		Type: &dlppb.RecordCondition_Expressions_Conditions{
			Conditions: &dlppb.RecordCondition_Conditions{
				Conditions: []*dlppb.RecordCondition_Condition{
					recordCondition,
				},
			},
		},
	}

	// Specify when the above field should be de-identified.
	condition := &dlppb.RecordCondition{
		// Apply the condition to records
		Expressions: expression,
	}

	// Associate the de-identification and conditions with the specified field.
	fieldTransformation := &dlppb.FieldTransformation{
		Fields: []*dlppb.FieldId{
			fieldId,
		},
		Transformation: &dlppb.FieldTransformation_PrimitiveTransformation{
			PrimitiveTransformation: &dlppb.PrimitiveTransformation{
				Transformation: primitiveTransformation,
			},
		},
		Condition: condition,
	}

	recordTransformations := &dlppb.RecordTransformations{
		FieldTransformations: []*dlppb.FieldTransformation{
			fieldTransformation,
		},
	}

	// Combine configurations into a request for the service.
	req := &dlppb.DeidentifyContentRequest{
		Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
		DeidentifyConfig: &dlppb.DeidentifyConfig{
			Transformation: &dlppb.DeidentifyConfig_RecordTransformations{
				RecordTransformations: recordTransformations,
			},
		},
		Item: contentItem,
	}

	// Send the request.
	resp, err := client.DeidentifyContent(ctx, req)
	if err != nil {
		return err
	}

	// Print the results.
	fmt.Fprintf(w, "Table after de-identification : %v", resp.GetItem().GetTable())
	return nil

}

Java

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.CharacterMaskConfig;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.FieldTransformation;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.RecordCondition;
import com.google.privacy.dlp.v2.RecordCondition.Condition;
import com.google.privacy.dlp.v2.RecordCondition.Conditions;
import com.google.privacy.dlp.v2.RecordCondition.Expressions;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.RelationalOperator;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;

public class DeIdentifyTableConditionMasking {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify =
        Table.newBuilder()
            .addHeaders(FieldId.newBuilder().setName("AGE").build())
            .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
            .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("101").build())
                    .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
                    .addValues(Value.newBuilder().setStringValue("95").build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("22").build())
                    .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
                    .addValues(Value.newBuilder().setStringValue("21").build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("55").build())
                    .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
                    .addValues(Value.newBuilder().setStringValue("75").build())
                    .build())
            .build();

    deIdentifyTableConditionMasking(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableConditionMasking(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify how the content should be de-identified.
      CharacterMaskConfig characterMaskConfig =
          CharacterMaskConfig.newBuilder().setMaskingCharacter("*").build();
      PrimitiveTransformation primitiveTransformation =
          PrimitiveTransformation.newBuilder().setCharacterMaskConfig(characterMaskConfig).build();

      // Specify field to be de-identified.
      FieldId fieldId = FieldId.newBuilder().setName("HAPPINESS SCORE").build();

      // Specify when the above field should be de-identified.
      Condition condition =
          Condition.newBuilder()
              .setField(FieldId.newBuilder().setName("AGE").build())
              .setOperator(RelationalOperator.GREATER_THAN)
              .setValue(Value.newBuilder().setIntegerValue(89).build())
              .build();
      // Apply the condition to records
      RecordCondition recordCondition =
          RecordCondition.newBuilder()
              .setExpressions(
                  Expressions.newBuilder()
                      .setConditions(Conditions.newBuilder().addConditions(condition).build())
                      .build())
              .build();

      // Associate the de-identification and conditions with the specified field.
      FieldTransformation fieldTransformation =
          FieldTransformation.newBuilder()
              .setPrimitiveTransformation(primitiveTransformation)
              .addFields(fieldId)
              .setCondition(recordCondition)
              .build();
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addFieldTransformations(fieldTransformation).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println("Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

Node.js

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');

// Initialize google DLP Client
const dlp = new DLP.DlpServiceClient();

// The project ID to run the API call under
// const projectId = 'my-project';

// Construct the tabular data
const tablularData = {
  headers: [{name: 'AGE'}, {name: 'PATIENT'}, {name: 'HAPPINESS SCORE'}],
  rows: [
    {
      values: [
        {integerValue: 101},
        {stringValue: 'Charles Dickens'},
        {integerValue: 95},
      ],
    },
    {
      values: [
        {integerValue: 22},
        {stringValue: 'Jane Austen'},
        {integerValue: 21},
      ],
    },
    {
      values: [
        {integerValue: 55},
        {stringValue: 'Mark Twain'},
        {integerValue: 75},
      ],
    },
  ],
};

async function deIdentifyTableConditionalCharMasking() {
  // Column that needs to be transformed
  const fieldIds = [{name: 'HAPPINESS SCORE'}];

  // Construct PrimitiveTransformation configuration
  const primitiveTransformation = {
    characterMaskConfig: {
      maskingCharacter: '*',
    },
  };

  // Construct condition
  const condition = {
    expressions: {
      conditions: {
        conditions: [
          {
            field: {name: 'AGE'},
            operator: 'GREATER_THAN',
            value: {integerValue: 89},
          },
        ],
      },
    },
  };

  // Construct RecordTransformations configurations
  const recordTransformations = {
    fieldTransformations: [
      {
        primitiveTransformation,
        fields: fieldIds,
        condition,
      },
    ],
  };

  // Combine configurations into a request for the service.
  const request = {
    parent: `projects/${projectId}/locations/global`,
    item: {
      table: tablularData,
    },
    deidentifyConfig: {
      recordTransformations,
    },
  };
  // Send the request and receive response from the service
  const [response] = await dlp.deidentifyContent(request);

  // Print the results
  console.log(
    `Table after de-identification: ${JSON.stringify(response.item.table)}`
  );
}

deIdentifyTableConditionalCharMasking();

PHP

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

use Google\Cloud\Dlp\V2\CharacterMaskConfig;
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\DeidentifyConfig;
use Google\Cloud\Dlp\V2\DeidentifyContentRequest;
use Google\Cloud\Dlp\V2\FieldId;
use Google\Cloud\Dlp\V2\FieldTransformation;
use Google\Cloud\Dlp\V2\PrimitiveTransformation;
use Google\Cloud\Dlp\V2\RecordCondition;
use Google\Cloud\Dlp\V2\RecordCondition\Condition;
use Google\Cloud\Dlp\V2\RecordCondition\Conditions;
use Google\Cloud\Dlp\V2\RecordCondition\Expressions;
use Google\Cloud\Dlp\V2\RecordTransformations;
use Google\Cloud\Dlp\V2\RelationalOperator;
use Google\Cloud\Dlp\V2\Table;
use Google\Cloud\Dlp\V2\Table\Row;
use Google\Cloud\Dlp\V2\Value;

/**
 * De-identify table data using masking and conditional logic.
 * Transform a column based on the value of another column.
 *
 * @param string $callingProjectId      The Google Cloud project id to use as a parent resource.
 * @param string $inputCsvFile          The input file(csv) path  to deidentify
 * @param string $outputCsvFile         The oupt file path to save deidentify content
 */

function deidentify_table_condition_masking(
    // TODO(developer): Replace sample parameters before running the code.
    string $callingProjectId,
    string $inputCsvFile = './test/data/table2.csv',
    string $outputCsvFile = './test/data/deidentify_table_condition_masking_output.csv'
): void {
    // Instantiate a client.
    $dlp = new DlpServiceClient();

    $parent = "projects/$callingProjectId/locations/global";

    // Read a CSV file
    $csvLines = file($inputCsvFile, FILE_IGNORE_NEW_LINES);
    $csvHeaders = explode(',', $csvLines[0]);
    $csvRows = array_slice($csvLines, 1);

    // Convert CSV file into protobuf objects
    $tableHeaders = array_map(function ($csvHeader) {
        return (new FieldId)
            ->setName($csvHeader);
    }, $csvHeaders);

    $tableRows = array_map(function ($csvRow) {
        $rowValues = array_map(function ($csvValue) {
            return (new Value())
                ->setStringValue($csvValue);
        }, explode(',', $csvRow));
        return (new Row())
            ->setValues($rowValues);
    }, $csvRows);

    // Construct the table object
    $tableToDeIdentify = (new Table())
        ->setHeaders($tableHeaders)
        ->setRows($tableRows);

    // Specify what content you want the service to de-identify.
    $content = (new ContentItem())
        ->setTable($tableToDeIdentify);

    // Specify how the content should be de-identified.
    $characterMaskConfig = (new CharacterMaskConfig())
        ->setMaskingCharacter('*');
    $primitiveTransformation = (new PrimitiveTransformation())
        ->setCharacterMaskConfig($characterMaskConfig);

    // Specify field to be de-identified.
    $fieldId = (new FieldId())
        ->setName('HAPPINESS_SCORE');

    // Specify when the above fields should be de-identified.
    $condition = (new Condition())
        ->setField((new FieldId())
            ->setName('AGE'))
        ->setOperator(RelationalOperator::GREATER_THAN)
        ->setValue((new Value())
            ->setIntegerValue(89));

    // Apply the condition to records
    $recordCondition = (new RecordCondition())
        ->setExpressions((new Expressions())
                ->setConditions((new Conditions())
                        ->setConditions([$condition])
                )
        );

    // Associate the de-identification and conditions with the specified fields.
    $fieldTransformation = (new FieldTransformation())
        ->setPrimitiveTransformation($primitiveTransformation)
        ->setFields([$fieldId])
        ->setCondition($recordCondition);

    $recordtransformations = (new RecordTransformations())
        ->setFieldTransformations([$fieldTransformation]);

    $deidentifyConfig = (new DeidentifyConfig())
        ->setRecordTransformations($recordtransformations);

    // Run request
    $deidentifyContentRequest = (new DeidentifyContentRequest())
        ->setParent($parent)
        ->setDeidentifyConfig($deidentifyConfig)
        ->setItem($content);
    $response = $dlp->deidentifyContent($deidentifyContentRequest);

    // Print results
    $csvRef = fopen($outputCsvFile, 'w');
    fputcsv($csvRef, $csvHeaders);
    foreach ($response->getItem()->getTable()->getRows() as $tableRow) {
        $values = array_map(function ($tableValue) {
            return $tableValue->getStringValue();
        }, iterator_to_array($tableRow->getValues()));
        fputcsv($csvRef, $values);
    };
    printf('After de-identify the table data (Output File Location): %s', $outputCsvFile);
}

Python

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

from typing import Dict, List, Union

import google.cloud.dlp
from google.cloud.dlp_v2 import types

def deidentify_table_condition_masking(
    project: str,
    table_data: Dict[str, Union[List[str], List[List[str]]]],
    deid_content_list: List[str],
    condition_field: str = None,
    condition_operator: str = None,
    condition_value: int = None,
    masking_character: str = None,
) -> types.dlp.Table:
    """ Uses the Data Loss Prevention API to de-identify sensitive data in a
      table by masking them based on a condition.

    Args:
        project: The Google Cloud project id to use as a parent resource.
        table_data: Json string representing table data.
        deid_content_list: A list of fields in table to de-identify.
        condition_field: A table Field within the record this condition is evaluated against.
        condition_operator: Operator used to compare the field or infoType to the value. One of:
            RELATIONAL_OPERATOR_UNSPECIFIED, EQUAL_TO, NOT_EQUAL_TO, GREATER_THAN, LESS_THAN, GREATER_THAN_OR_EQUALS,
            LESS_THAN_OR_EQUALS, EXISTS.
        condition_value: Value to compare against. [Mandatory, except for ``EXISTS`` tests.].
        masking_character: The character to mask matching sensitive data with.

    Returns:
        De-identified table is returned;
        the response from the API is also printed to the terminal.

    Example:
    >> $ python deidentify_table_condition_masking.py \
    '{"header": ["email", "phone number", "age", "happiness_score"],
    "rows": [["robertfrost@example.com", "4232342345", "35", "21"],
    ["johndoe@example.com", "4253458383", "64", "34"]]}' \
    ["happiness_score"] "age" "GREATER_THAN" 50
    >> '{"header": ["email", "phone number", "age", "happiness_score"],
        "rows": [["robertfrost@example.com", "4232342345", "35", "21"],
        ["johndoe@example.com", "4253458383", "64", "**"]]}'
    """

    # Instantiate a client.
    dlp = google.cloud.dlp_v2.DlpServiceClient()

    # Construct the `table`. For more details on the table schema, please see
    # https://cloud.google.com/dlp/docs/reference/rest/v2/ContentItem#Table
    headers = [{"name": val} for val in table_data["header"]]
    rows = []
    for row in table_data["rows"]:
        rows.append({"values": [{"string_value": cell_val} for cell_val in row]})

    table = {"headers": headers, "rows": rows}

    # Construct the `item`
    item = {"table": table}

    # Specify fields to be de-identified
    deid_content_list = [{"name": _i} for _i in deid_content_list]

    # Construct condition list
    condition = [
        {
            "field": {"name": condition_field},
            "operator": condition_operator,
            "value": {"integer_value": condition_value},
        }
    ]

    # Construct deidentify configuration dictionary
    deidentify_config = {
        "record_transformations": {
            "field_transformations": [
                {
                    "primitive_transformation": {
                        "character_mask_config": {
                            "masking_character": masking_character
                        }
                    },
                    "fields": deid_content_list,
                    "condition": {
                        "expressions": {"conditions": {"conditions": condition}}
                    },
                }
            ]
        }
    }

    # Convert the project id into a full resource id.
    parent = f"projects/{project}/locations/global"

    # Call the API.
    response = dlp.deidentify_content(
        request={"parent": parent, "deidentify_config": deidentify_config, "item": item}
    )

    # Print the result
    print(f"Table after de-identification: {response.item.table}")

    # Return the response
    return response.item.table

API Explorer 示例

"deidentifyConfig":{
  "recordTransformations":{
    "fieldTransformations":[
      {
        "fields":[
          {
            "name":"HAPPINESS SCORE"
          }
        ],
        "primitiveTransformation":{
          "characterMaskConfig":{
            "maskingCharacter":"*"
          }
        },
        "condition":{
          "expressions":{
            "conditions":{
              "conditions":[
                {
                  "field":{
                    "name":"AGE"
                  },
                  "operator":"GREATER_THAN",
                  "value":{
                    "integerValue":"89"
                  }
                }
              ]
            }
          }
        }
      }
    ]
  }
}

转换在列中找到的结果

您可以转换仅构成了单元格内容的一部分或构成了单元格全部内容的结果。下面的示例对 PERSON_NAME 的所有实例进行了匿名化处理。

输入 转换后的表
年龄 患者 幸福指数 趣闻
101 查尔斯·狄更斯 95 查尔斯·狄更斯这个名字是一个诅咒,可能是由莎士比亚虚构的。
22 简·奥斯汀 21 简·奥斯汀的小说中共出现了 14 次亲吻。
55 马克·吐温 75 马克·吐温喜欢猫。
年龄 患者 幸福指数 趣闻
101 [PERSON_NAME] 95 [PERSON_NAME] 这个名字是一个诅咒,可能是由莎士比亚虚构的。
22 [PERSON_NAME] 21 [PERSON_NAME] 的小说中共出现了 14 次亲吻。
55 [PERSON_NAME] 75 [PERSON_NAME] 喜欢猫。

C#

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证


using System;
using System.Collections.Generic;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;

public class DeidentifyTableWithInfoTypes
{
    public static Table DeidentifyTable(
        string projectId,
        Table tableToInspect = null,
        IEnumerable<InfoType> infoTypes = null)
    {
        // Instantiate a client.
        var dlp = DlpServiceClient.Create();

        // Construct the table if null.
        if (tableToInspect == null)
        {
            var row1 = new Value[]
            {
                new Value { StringValue = "101" },
                new Value { StringValue = "Charles Dickens" },
                new Value { StringValue = "95" },
                new Value { StringValue = "Charles Dickens name was a curse invented by Shakespeare." }
            };
            var row2 = new Value[]
            {
                new Value { StringValue = "22" },
                new Value { StringValue = "Jane Austin" },
                new Value { StringValue = "21" },
                new Value { StringValue = "There are 14 kisses in Jane Austen's novels." }
            };
            var row3 = new Value[]
            {
                new Value { StringValue = "55" },
                new Value { StringValue = "Mark Twain" },
                new Value { StringValue = "75" },
                new Value { StringValue = "Mark Twain loved cats." }
            };

            tableToInspect = new Table
            {
                Headers =
                {
                    new FieldId { Name = "AGE" },
                    new FieldId { Name = "PATIENT" },
                    new FieldId { Name = "HAPPINESS SCORE" },
                    new FieldId { Name = "FACTOID" }
                },
                Rows =
                {
                    new Table.Types.Row { Values = { row1 } },
                    new Table.Types.Row { Values = { row2 } },
                    new Table.Types.Row { Values = { row3 } }
                }
            };
        }

        // Construct the table content item.
        var contentItem = new ContentItem { Table = tableToInspect };

        // Construct Replace With InfoTypes config to replace the match.
        var replaceInfoTypesConfig = new ReplaceWithInfoTypeConfig();

        // Construct Fields to be de-identified.
        var fieldIds = new FieldId[] { new FieldId { Name = "PATIENT" }, new FieldId { Name = "FACTOID" } };

        // Construct InfoType Transformation.
        var infoTypeTransformations = new InfoTypeTransformations
        {
            Transformations =
            {
                new InfoTypeTransformations.Types.InfoTypeTransformation
                {
                    PrimitiveTransformation = new PrimitiveTransformation
                    {
                        ReplaceWithInfoTypeConfig = replaceInfoTypesConfig
                    },
                    InfoTypes = { infoTypes ?? new InfoType[] { new InfoType { Name = "PERSON_NAME" } } }
                }
            }
        };

        // Construct the de-identify config using replace config.
        var deidentifyConfig = new DeidentifyConfig
        {
            RecordTransformations = new RecordTransformations
            {
                FieldTransformations =
                {
                    new FieldTransformation
                    {
                        InfoTypeTransformations = infoTypeTransformations,
                        Fields = { fieldIds }
                    }
                }
            }
        };

        // Construct the request.
        var request = new DeidentifyContentRequest
        {
            ParentAsLocationName = new LocationName(projectId, "global"),
            DeidentifyConfig = deidentifyConfig,
            Item = contentItem
        };

        // Call the API.
        var response = dlp.DeidentifyContent(request);

        // Inspect the response.
        Console.WriteLine(response.Item.Table);
        return response.Item.Table;
    }
}

Go

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

import (
	"context"
	"fmt"
	"io"

	dlp "cloud.google.com/go/dlp/apiv2"
	"cloud.google.com/go/dlp/apiv2/dlppb"
)

// deidentifyTableInfotypes de-identifies table data with info types
func deidentifyTableInfotypes(w io.Writer, projectID string) error {
	// projectId := "your-project-id"

	row1 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "22"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Jane Austen"}},
			{Type: &dlppb.Value_StringValue{StringValue: "21"}},
			{Type: &dlppb.Value_StringValue{StringValue: "There are 14 kisses in Jane Austen's novels."}},
		},
	}

	row2 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "55"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Mark Twain"}},
			{Type: &dlppb.Value_StringValue{StringValue: "75"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Mark Twain loved cats."}},
		},
	}

	row3 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "101"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Charles Dickens"}},
			{Type: &dlppb.Value_StringValue{StringValue: "95"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Charles Dickens name was a curse invented by Shakespeare."}},
		},
	}

	table := &dlppb.Table{
		Headers: []*dlppb.FieldId{
			{Name: "AGE"},
			{Name: "PATIENT"},
			{Name: "HAPPINESS SCORE"},
			{Name: "FACTOID"},
		},
		Rows: []*dlppb.Table_Row{
			{Values: row1.Values},
			{Values: row2.Values},
			{Values: row3.Values},
		},
	}

	ctx := context.Background()

	// Initialize a client once and reuse it to send multiple requests. Clients
	// are safe to use across goroutines. When the client is no longer needed,
	// call the Close method to cleanup its resources.
	client, err := dlp.NewRESTClient(ctx)
	if err != nil {
		return err
	}

	// Closing the client safely cleans up background resources.
	defer client.Close()

	// Specify what content you want the service to de-identify.
	contentItem := &dlppb.ContentItem{
		DataItem: &dlppb.ContentItem_Table{
			Table: table,
		},
	}

	// Specify how the content should be de-identified.
	// Select type of info to be replaced.
	infoTypes := []*dlppb.InfoType{
		{Name: "PERSON_NAME"},
	}

	// Specify that findings should be replaced with corresponding info type name.
	replaceWithInfoTypeConfig := &dlppb.ReplaceWithInfoTypeConfig{}
	primitiveTransformation := &dlppb.PrimitiveTransformation{
		Transformation: &dlppb.PrimitiveTransformation_ReplaceWithInfoTypeConfig{
			ReplaceWithInfoTypeConfig: replaceWithInfoTypeConfig,
		},
	}

	// Associate info type with the replacement strategy
	infoTypeTransformations := &dlppb.InfoTypeTransformations{
		Transformations: []*dlppb.InfoTypeTransformations_InfoTypeTransformation{
			{
				InfoTypes:               infoTypes,
				PrimitiveTransformation: primitiveTransformation,
			},
		},
	}

	// Specify fields to be de-identified.
	fields := []*dlppb.FieldId{
		{Name: "PATIENT"},
		{Name: "FACTOID"},
	}

	// Associate the de-identification and conditions with the specified field.
	fieldTransformation := &dlppb.FieldTransformation{
		Fields: fields,
		Transformation: &dlppb.FieldTransformation_InfoTypeTransformations{
			InfoTypeTransformations: infoTypeTransformations,
		},
	}

	recordTransformations := &dlppb.RecordTransformations{
		FieldTransformations: []*dlppb.FieldTransformation{
			fieldTransformation,
		},
	}

	// Construct the de-identification request to be sent by the client.
	req := &dlppb.DeidentifyContentRequest{
		Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
		DeidentifyConfig: &dlppb.DeidentifyConfig{
			Transformation: &dlppb.DeidentifyConfig_RecordTransformations{
				RecordTransformations: recordTransformations,
			},
		},
		Item: contentItem,
	}

	// Send the request.
	resp, err := client.DeidentifyContent(ctx, req)
	if err != nil {
		return err
	}

	// Print the results.
	fmt.Fprintf(w, "Table after de-identification : %v", resp.GetItem().GetTable())
	return nil
}

Java

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.FieldTransformation;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InfoTypeTransformations;
import com.google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.ReplaceWithInfoTypeConfig;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class DeIdentifyTableInfoTypes {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify =
        Table.newBuilder()
            .addHeaders(FieldId.newBuilder().setName("AGE").build())
            .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
            .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
            .addHeaders(FieldId.newBuilder().setName("FACTOID").build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("101").build())
                    .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
                    .addValues(Value.newBuilder().setStringValue("95").build())
                    .addValues(
                        Value.newBuilder()
                            .setStringValue(
                                "Charles Dickens name was a curse invented by Shakespeare.")
                            .build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("22").build())
                    .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
                    .addValues(Value.newBuilder().setStringValue("21").build())
                    .addValues(
                        Value.newBuilder()
                            .setStringValue("There are 14 kisses in Jane Austen's novels.")
                            .build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("55").build())
                    .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
                    .addValues(Value.newBuilder().setStringValue("75").build())
                    .addValues(Value.newBuilder().setStringValue("Mark Twain loved cats.").build())
                    .build())
            .build();

    deIdentifyTableInfoTypes(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableInfoTypes(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify how the content should be de-identified.
      // Select type of info to be replaced.
      InfoType infoType = InfoType.newBuilder().setName("PERSON_NAME").build();
      // Specify that findings should be replaced with corresponding info type name.
      ReplaceWithInfoTypeConfig replaceWithInfoTypeConfig =
          ReplaceWithInfoTypeConfig.getDefaultInstance();
      PrimitiveTransformation primitiveTransformation =
          PrimitiveTransformation.newBuilder()
              .setReplaceWithInfoTypeConfig(replaceWithInfoTypeConfig)
              .build();
      // Associate info type with the replacement strategy
      InfoTypeTransformation infoTypeTransformation =
          InfoTypeTransformation.newBuilder()
              .addInfoTypes(infoType)
              .setPrimitiveTransformation(primitiveTransformation)
              .build();
      InfoTypeTransformations infoTypeTransformations =
          InfoTypeTransformations.newBuilder().addTransformations(infoTypeTransformation).build();

      // Specify fields to be de-identified.
      List<FieldId> fieldIds =
          Stream.of("PATIENT", "FACTOID")
              .map(id -> FieldId.newBuilder().setName(id).build())
              .collect(Collectors.toList());

      // Associate the de-identification and conditions with the specified field.
      FieldTransformation fieldTransformation =
          FieldTransformation.newBuilder()
              .setInfoTypeTransformations(infoTypeTransformations)
              .addAllFields(fieldIds)
              .build();
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addFieldTransformations(fieldTransformation).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println("Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

Node.js

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');

// Initialize google DLP Client
const dlp = new DLP.DlpServiceClient();

// The project ID to run the API call under
// const projectId = 'my-project';

// Construct the tabular data
const tablularData = {
  headers: [
    {name: 'AGE'},
    {name: 'PATIENT'},
    {name: 'HAPPINESS SCORE'},
    {name: 'FACTOID'},
  ],
  rows: [
    {
      values: [
        {integerValue: 101},
        {stringValue: 'Charles Dickens'},
        {integerValue: 95},
        {
          stringValue:
            'Charles Dickens name was a curse invented by Shakespeare.',
        },
      ],
    },
    {
      values: [
        {integerValue: 22},
        {stringValue: 'Jane Austen'},
        {integerValue: 21},
        {stringValue: "There are 14 kisses in Jane Austen's novels."},
      ],
    },
    {
      values: [
        {integerValue: 55},
        {stringValue: 'Mark Twain'},
        {integerValue: 75},
        {stringValue: 'Mark Twain loved cats.'},
      ],
    },
  ],
};

async function deIdentifyTableWithInfoType() {
  // Column that needs to be transformed
  const fieldIds = [{name: 'PATIENT'}, {name: 'FACTOID'}];

  // Construct InfoTypeTransformations configurations
  const infoTypeTransformations = {
    transformations: [
      {
        infoTypes: [{name: 'PERSON_NAME'}],
        primitiveTransformation: {
          replaceWithInfoTypeConfig: {},
        },
      },
    ],
  };

  // Combine configurations into a request for the service.
  const request = {
    parent: `projects/${projectId}/locations/global`,
    item: {
      table: tablularData,
    },
    deidentifyConfig: {
      recordTransformations: {
        fieldTransformations: [
          {
            infoTypeTransformations,
            fields: fieldIds,
          },
        ],
      },
    },
  };
  // Send the request and receive response from the service
  const [response] = await dlp.deidentifyContent(request);

  // Print the results
  console.log(
    `Table after de-identification: ${JSON.stringify(response.item.table)}`
  );
}

deIdentifyTableWithInfoType();

PHP

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\DeidentifyConfig;
use Google\Cloud\Dlp\V2\DeidentifyContentRequest;
use Google\Cloud\Dlp\V2\FieldId;
use Google\Cloud\Dlp\V2\FieldTransformation;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InfoTypeTransformations;
use Google\Cloud\Dlp\V2\InfoTypeTransformations\InfoTypeTransformation;
use Google\Cloud\Dlp\V2\PrimitiveTransformation;
use Google\Cloud\Dlp\V2\RecordTransformations;
use Google\Cloud\Dlp\V2\ReplaceWithInfoTypeConfig;
use Google\Cloud\Dlp\V2\Table;
use Google\Cloud\Dlp\V2\Table\Row;
use Google\Cloud\Dlp\V2\Value;

/**
 * De-identify table data with infoTypes
 *
 * @param string $callingProjectId      The Google Cloud project id to use as a parent resource.
 * @param string $inputCsvFile          The input file(csv) path  to deidentify
 * @param string $outputCsvFile         The oupt file path to save deidentify content
 */

function deidentify_table_infotypes(
    // TODO(developer): Replace sample parameters before running the code.
    string $callingProjectId,
    string $inputCsvFile = './test/data/table1.csv',
    string $outputCsvFile = './test/data/deidentify_table_infotypes_output.csv'
): void {
    // Instantiate a client.
    $dlp = new DlpServiceClient();

    $parent = "projects/$callingProjectId/locations/global";

    // Read a CSV file
    $csvLines = file($inputCsvFile, FILE_IGNORE_NEW_LINES);
    $csvHeaders = explode(',', $csvLines[0]);
    $csvRows = array_slice($csvLines, 1);

    // Convert CSV file into protobuf objects
    $tableHeaders = array_map(function ($csvHeader) {
        return (new FieldId)
            ->setName($csvHeader);
    }, $csvHeaders);

    $tableRows = array_map(function ($csvRow) {
        $rowValues = array_map(function ($csvValue) {
            return (new Value())
                ->setStringValue($csvValue);
        }, explode(',', $csvRow));
        return (new Row())
            ->setValues($rowValues);
    }, $csvRows);

    // Construct the table object
    $tableToDeIdentify = (new Table())
        ->setHeaders($tableHeaders)
        ->setRows($tableRows);

    // Specify the content to be inspected.
    $content = (new ContentItem())
        ->setTable($tableToDeIdentify);

    // Specify the type of info the inspection will look for.
    $personNameInfoType = (new InfoType())
        ->setName('PERSON_NAME');

    // Specify that findings should be replaced with corresponding info type name.
    $primitiveTransformation = (new PrimitiveTransformation())
        ->setReplaceWithInfoTypeConfig(new ReplaceWithInfoTypeConfig());

    // Associate info type with the replacement strategy
    $infoTypeTransformation = (new InfoTypeTransformation())
        ->setPrimitiveTransformation($primitiveTransformation)
        ->setInfoTypes([$personNameInfoType]);

    $infoTypeTransformations = (new InfoTypeTransformations())
        ->setTransformations([$infoTypeTransformation]);

    // Specify fields to be de-identified.
    $fieldIds = [
        (new FieldId())->setName('PATIENT'),
        (new FieldId())->setName('FACTOID'),
    ];

    // Associate the de-identification and transformation with the specified fields.
    $fieldTransformation = (new FieldTransformation())
        ->setInfoTypeTransformations($infoTypeTransformations)
        ->setFields($fieldIds);

    $recordtransformations = (new RecordTransformations())
        ->setFieldTransformations([$fieldTransformation]);

    $deidentifyConfig = (new DeidentifyConfig())
        ->setRecordTransformations($recordtransformations);

    // Run request
    $deidentifyContentRequest = (new DeidentifyContentRequest())
        ->setParent($parent)
        ->setDeidentifyConfig($deidentifyConfig)
        ->setItem($content);
    $response = $dlp->deidentifyContent($deidentifyContentRequest);

    // Print the results
    $csvRef = fopen($outputCsvFile, 'w');
    fputcsv($csvRef, $csvHeaders);
    foreach ($response->getItem()->getTable()->getRows() as $tableRow) {
        $values = array_map(function ($tableValue) {
            return $tableValue->getStringValue();
        }, iterator_to_array($tableRow->getValues()));
        fputcsv($csvRef, $values);
    };
    printf('After de-identify the table data (Output File Location): %s', $outputCsvFile);
}

Python

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

from typing import Dict, List, Union

import google.cloud.dlp

def deidentify_table_replace_with_info_types(
    project: str,
    table_data: Dict[str, Union[List[str], List[List[str]]]],
    info_types: List[str],
    deid_content_list: List[str],
) -> None:
    """ Uses the Data Loss Prevention API to de-identify sensitive data in a
      table by replacing them with info type.

    Args:
        project: The Google Cloud project id to use as a parent resource.
        table_data: Json string representing table data.
        info_types: A list of strings representing info types to look for.
            A full list of info type categories can be fetched from the API.
        deid_content_list: A list of fields in table to de-identify

    Returns:
        None; the response from the API is printed to the terminal.

    Example:
    >> $ python deidentify_table_infotypes.py \
    '{
        "header": ["name", "email", "phone number"],
        "rows": [
            ["Robert Frost", "robertfrost@example.com", "4232342345"],
            ["John Doe", "johndoe@example.com", "4253458383"]
        ]
    }' \
    ["PERSON_NAME"] ["name"]
    >> '{
            "header": ["name", "email", "phone number"],
            "rows": [
                ["[PERSON_NAME]", "robertfrost@example.com", "4232342345"],
                ["[PERSON_NAME]", "johndoe@example.com", "4253458383"]
            ]
        }'
    """

    # Instantiate a client.
    dlp = google.cloud.dlp_v2.DlpServiceClient()

    # Construct the `table`. For more details on the table schema, please see
    # https://cloud.google.com/dlp/docs/reference/rest/v2/ContentItem#Table
    headers = [{"name": val} for val in table_data["header"]]
    rows = []
    for row in table_data["rows"]:
        rows.append({"values": [{"string_value": cell_val} for cell_val in row]})

    table = {"headers": headers, "rows": rows}

    # Construct item
    item = {"table": table}

    # Specify fields to be de-identified
    deid_content_list = [{"name": _i} for _i in deid_content_list]

    # Construct inspect configuration dictionary
    inspect_config = {"info_types": [{"name": info_type} for info_type in info_types]}

    # Construct deidentify configuration dictionary
    deidentify_config = {
        "record_transformations": {
            "field_transformations": [
                {
                    "info_type_transformations": {
                        "transformations": [
                            {
                                "primitive_transformation": {
                                    "replace_with_info_type_config": {}
                                }
                            }
                        ]
                    },
                    "fields": deid_content_list,
                }
            ]
        }
    }

    # Convert the project id into a full resource id.
    parent = f"projects/{project}/locations/global"

    # Call the API.
    response = dlp.deidentify_content(
        request={
            "parent": parent,
            "deidentify_config": deidentify_config,
            "item": item,
            "inspect_config": inspect_config,
        }
    )

    # Print the result
    print(f"Table after de-identification: {response.item.table}")

APIs Explorer 示例

"deidentifyConfig":{
  "recordTransformations":{
    "fieldTransformations":[
      {
        "infoTypeTransformations":{
          "transformations":[
            {
              "infoTypes":[
                {
                  "name":"PERSON_NAME"
                }
              ],
              "primitiveTransformation":{
                "replaceWithInfoTypeConfig":{

                }
              }
            }
          ]
        },
        "fields":[
          {
            "name":"PATIENT"
          },
          {
            "name":"FACTOID"
          }
        ]
      }
    ]
  }
}

根据列的内容阻止行显示

您可以根据任意列中显示的内容完全移除某个行。下面的示例将阻止“查尔斯·狄更斯”的记录显示,因为此患者已超过 89 岁。

输入 转换后的表
年龄 患者 幸福指数
101 查尔斯·狄更斯 95
22 简·奥斯汀 21
55 马克·吐温 75
年龄 患者 幸福指数
22 简·奥斯汀 21
55 马克·吐温 75

C#

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证


using System;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;

public class DeidentifyTableWithRowSuppress
{
    public static Table DeidentifyTable(
        string projectId,
        Table tableToInspect = null)
    {
        // Instantiate a client.
        var dlp = DlpServiceClient.Create();

        // Construct the table if null.
        if (tableToInspect == null)
        {
            var row1 = new Value[]
            {
                new Value { StringValue = "101" },
                new Value { StringValue = "Charles Dickens" },
                new Value { StringValue = "95" }
            };
            var row2 = new Value[]
            {
                new Value { StringValue = "22" },
                new Value { StringValue = "Jane Austin" },
                new Value { StringValue = "21" }
            };
            var row3 = new Value[]
            {
                new Value { StringValue = "55" },
                new Value { StringValue = "Mark Twain" },
                new Value { StringValue = "75" }
            };

            tableToInspect = new Table
            {
                Headers =
                {
                    new FieldId { Name = "AGE" },
                    new FieldId { Name = "PATIENT" },
                    new FieldId { Name = "HAPPINESS SCORE" }
                },
                Rows =
                {
                    new Table.Types.Row { Values = { row1 } },
                    new Table.Types.Row { Values = { row2 } },
                    new Table.Types.Row { Values = { row3 } }
                }
            };
        }

        // Construct the byte content item.
        var contentItem = new ContentItem { Table = tableToInspect };

        // Construct the conditions.
        var conditions = new RecordCondition.Types.Conditions
        {
            Conditions_ =
            {
                new RecordCondition.Types.Condition
                {
                    Field = new FieldId { Name = "AGE" },
                    Operator = RelationalOperator.GreaterThan,
                    Value = new Value { IntegerValue = 89 }
                }
            }
        };

        // Construct the deidentify config using the record suppression and conditions.
        var deidentifyConfig = new DeidentifyConfig
        {
            RecordTransformations = new RecordTransformations
            {
                RecordSuppressions =
                {
                    new RecordSuppression
                    {
                        Condition = new RecordCondition
                        {
                            Expressions = new RecordCondition.Types.Expressions
                            {
                                Conditions = conditions
                            }
                        }
                    }
                }
            }
        };

        // Construct the request.
        var request = new DeidentifyContentRequest
        {
            ParentAsLocationName = new LocationName(projectId, "global"),
            DeidentifyConfig = deidentifyConfig,
            Item = contentItem
        };

        // Call the API.
        var response = dlp.DeidentifyContent(request);

        // Inspect the response.
        Console.WriteLine(response.Item.Table);
        return response.Item.Table;
    }
}

Go

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

import (
	"context"
	"fmt"
	"io"

	dlp "cloud.google.com/go/dlp/apiv2"
	"cloud.google.com/go/dlp/apiv2/dlppb"
)

// deidentifyTableRowSuppress de-identifies table data and
// suppress a row based on the content of column
func deidentifyTableRowSuppress(w io.Writer, projectID string) error {
	// projectId := "your-project-id"

	row1 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "22"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Jane Austen"}},
			{Type: &dlppb.Value_StringValue{StringValue: "21"}},
		},
	}

	row2 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "55"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Mark Twain"}},
			{Type: &dlppb.Value_StringValue{StringValue: "75"}},
		},
	}

	row3 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "101"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Charles Dickens"}},
			{Type: &dlppb.Value_StringValue{StringValue: "95"}},
		},
	}

	table := &dlppb.Table{
		Headers: []*dlppb.FieldId{
			{Name: "AGE"},
			{Name: "PATIENT"},
			{Name: "HAPPINESS SCORE"},
		},
		Rows: []*dlppb.Table_Row{
			{Values: row1.Values},
			{Values: row2.Values},
			{Values: row3.Values},
		},
	}

	ctx := context.Background()

	// Initialize a client once and reuse it to send multiple requests. Clients
	// are safe to use across goroutines. When the client is no longer needed,
	// call the Close method to cleanup its resources.
	client, err := dlp.NewClient(ctx)
	if err != nil {
		return err
	}

	// Closing the client safely cleans up background resources.
	defer client.Close()

	// Specify what content you want the service to de-identify.
	contentItem := &dlppb.ContentItem{
		DataItem: &dlppb.ContentItem_Table{
			Table: table,
		},
	}

	// Apply the condition to record suppression.
	condition := &dlppb.RecordCondition{
		Expressions: &dlppb.RecordCondition_Expressions{
			Type: &dlppb.RecordCondition_Expressions_Conditions{
				Conditions: &dlppb.RecordCondition_Conditions{
					Conditions: []*dlppb.RecordCondition_Condition{
						{
							Field:    &dlppb.FieldId{Name: "AGE"},
							Operator: dlppb.RelationalOperator_GREATER_THAN,
							Value: &dlppb.Value{
								Type: &dlppb.Value_IntegerValue{IntegerValue: 89},
							},
						},
					},
				},
			},
		},
	}
	recordSupression := &dlppb.RecordSuppression{
		Condition: condition,
	}

	// Use record suppression as the only transformation
	recordTransformations := &dlppb.RecordTransformations{
		RecordSuppressions: []*dlppb.RecordSuppression{
			recordSupression,
		},
	}

	// Construct the de-identification request to be sent by the client.
	req := &dlppb.DeidentifyContentRequest{
		Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
		DeidentifyConfig: &dlppb.DeidentifyConfig{
			Transformation: &dlppb.DeidentifyConfig_RecordTransformations{
				RecordTransformations: recordTransformations,
			},
		},
		Item: contentItem,
	}

	// Send the request.
	resp, err := client.DeidentifyContent(ctx, req)
	if err != nil {
		return err
	}

	// Print the results.
	fmt.Fprintf(w, "Table after de-identification : %v", resp.GetItem().GetTable())
	return nil
}

Java

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.RecordCondition;
import com.google.privacy.dlp.v2.RecordCondition.Condition;
import com.google.privacy.dlp.v2.RecordCondition.Conditions;
import com.google.privacy.dlp.v2.RecordCondition.Expressions;
import com.google.privacy.dlp.v2.RecordSuppression;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.RelationalOperator;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;

public class DeIdentifyTableRowSuppress {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify =
        Table.newBuilder()
            .addHeaders(FieldId.newBuilder().setName("AGE").build())
            .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
            .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("101").build())
                    .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
                    .addValues(Value.newBuilder().setStringValue("95").build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("22").build())
                    .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
                    .addValues(Value.newBuilder().setStringValue("21").build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("55").build())
                    .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
                    .addValues(Value.newBuilder().setStringValue("75").build())
                    .build())
            .build();

    deIdentifyTableRowSuppress(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableRowSuppress(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify when the content should be de-identified.
      Condition condition =
          Condition.newBuilder()
              .setField(FieldId.newBuilder().setName("AGE").build())
              .setOperator(RelationalOperator.GREATER_THAN)
              .setValue(Value.newBuilder().setIntegerValue(89).build())
              .build();
      // Apply the condition to record suppression.
      RecordSuppression recordSuppressions =
          RecordSuppression.newBuilder()
              .setCondition(
                  RecordCondition.newBuilder()
                      .setExpressions(
                          Expressions.newBuilder()
                              .setConditions(
                                  Conditions.newBuilder().addConditions(condition).build())
                              .build())
                      .build())
              .build();
      // Use record suppression as the only transformation
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addRecordSuppressions(recordSuppressions).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println("Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

Node.js

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');

// Initialize google DLP Client
const dlp = new DLP.DlpServiceClient();

// The project ID to run the API call under
// const projectId = 'my-project';

// Construct the tabular data
const tablularData = {
  headers: [{name: 'AGE'}, {name: 'PATIENT'}, {name: 'HAPPINESS SCORE'}],
  rows: [
    {
      values: [
        {integerValue: 101},
        {stringValue: 'Charles Dickens'},
        {integerValue: 95},
      ],
    },
    {
      values: [
        {integerValue: 22},
        {stringValue: 'Jane Austen'},
        {integerValue: 21},
      ],
    },
    {
      values: [
        {integerValue: 55},
        {stringValue: 'Mark Twain'},
        {integerValue: 75},
      ],
    },
  ],
};
async function deIdentifyTableRowSuppress() {
  // Specify when the content should be de-identified.
  const condition = {
    expressions: {
      conditions: {
        conditions: [
          {
            field: {name: 'AGE'},
            operator: 'GREATER_THAN',
            value: {integerValue: 89},
          },
        ],
      },
    },
  };

  // Apply the condition to record suppression.
  const recordTransformations = {
    recordSuppressions: [
      {
        condition,
      },
    ],
  };

  // Combine configurations into a request for the service.
  const request = {
    parent: `projects/${projectId}/locations/global`,
    item: {
      table: tablularData,
    },
    deidentifyConfig: {
      recordTransformations,
    },
  };

  // Send the request and receive response from the service.
  const [response] = await dlp.deidentifyContent(request);

  // Print the results.
  console.log(
    `Table after de-identification: ${JSON.stringify(response.item.table)}`
  );
}

deIdentifyTableRowSuppress();

PHP

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\DeidentifyConfig;
use Google\Cloud\Dlp\V2\DeidentifyContentRequest;
use Google\Cloud\Dlp\V2\FieldId;
use Google\Cloud\Dlp\V2\RecordCondition;
use Google\Cloud\Dlp\V2\RecordCondition\Condition;
use Google\Cloud\Dlp\V2\RecordCondition\Conditions;
use Google\Cloud\Dlp\V2\RecordCondition\Expressions;
use Google\Cloud\Dlp\V2\RecordSuppression;
use Google\Cloud\Dlp\V2\RecordTransformations;
use Google\Cloud\Dlp\V2\RelationalOperator;
use Google\Cloud\Dlp\V2\Table;
use Google\Cloud\Dlp\V2\Table\Row;
use Google\Cloud\Dlp\V2\Value;

/**
 * De-identify table data: Suppress a row based on the content of a column
 * Suppress a row based on the content of a column. You can remove a row entirely based on the content that appears in any column. This example suppresses the record for "Charles Dickens," as this patient is over 89 years old.
 *
 * @param string $callingProjectId      The Google Cloud project id to use as a parent resource.
 * @param string $inputCsvFile          The input file(csv) path  to deidentify
 * @param string $outputCsvFile         The oupt file path to save deidentify content */

function deidentify_table_row_suppress(
    // TODO(developer): Replace sample parameters before running the code.
    string $callingProjectId,
    string $inputCsvFile = './test/data/table2.csv',
    string $outputCsvFile = './test/data/deidentify_table_row_suppress_output.csv'
): void {
    // Instantiate a client.
    $dlp = new DlpServiceClient();

    $parent = "projects/$callingProjectId/locations/global";

    // Read a CSV file
    $csvLines = file($inputCsvFile, FILE_IGNORE_NEW_LINES);
    $csvHeaders = explode(',', $csvLines[0]);
    $csvRows = array_slice($csvLines, 1);

    // Convert CSV file into protobuf objects
    $tableHeaders = array_map(function ($csvHeader) {
        return (new FieldId)
            ->setName($csvHeader);
    }, $csvHeaders);

    $tableRows = array_map(function ($csvRow) {
        $rowValues = array_map(function ($csvValue) {
            return (new Value())
                ->setStringValue($csvValue);
        }, explode(',', $csvRow));
        return (new Row())
            ->setValues($rowValues);
    }, $csvRows);

    // Construct the table object
    $tableToDeIdentify = (new Table())
        ->setHeaders($tableHeaders)
        ->setRows($tableRows);

    // Specify what content you want the service to de-identify.
    $content = (new ContentItem())
        ->setTable($tableToDeIdentify);

    // Specify when the content should be de-identified.
    $condition = (new Condition())
        ->setField((new FieldId())
            ->setName('AGE'))
        ->setOperator(RelationalOperator::GREATER_THAN)
        ->setValue((new Value())
            ->setIntegerValue(89));

    // Apply the condition to record suppression.
    $recordSuppressions = (new RecordSuppression())
        ->setCondition((new RecordCondition())
                ->setExpressions((new Expressions())
                        ->setConditions((new Conditions())
                                ->setConditions([$condition])
                        )
                )
        );

    // Use record suppression as the only transformation
    $recordtransformations = (new RecordTransformations())
        ->setRecordSuppressions([$recordSuppressions]);

    // Create the deidentification configuration object
    $deidentifyConfig = (new DeidentifyConfig())
        ->setRecordTransformations($recordtransformations);

    // Run request
    $deidentifyContentRequest = (new DeidentifyContentRequest())
        ->setParent($parent)
        ->setDeidentifyConfig($deidentifyConfig)
        ->setItem($content);
    $response = $dlp->deidentifyContent($deidentifyContentRequest);

    // Print the results
    $csvRef = fopen($outputCsvFile, 'w');
    fputcsv($csvRef, $csvHeaders);
    foreach ($response->getItem()->getTable()->getRows() as $tableRow) {
        $values = array_map(function ($tableValue) {
            return $tableValue->getStringValue();
        }, iterator_to_array($tableRow->getValues()));
        fputcsv($csvRef, $values);
    };
    printf($outputCsvFile);
}

Python

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

from typing import Dict, List, Union

import google.cloud.dlp

def deidentify_table_suppress_row(
    project: str,
    table_data: Dict[str, Union[List[str], List[List[str]]]],
    condition_field: str,
    condition_operator: str,
    condition_value: int,
) -> None:
    """ Uses the Data Loss Prevention API to de-identify sensitive data in a
      table by suppressing entire row/s based on a condition.

    Args:
        project: The Google Cloud project id to use as a parent resource.
        table_data: Dictionary representing table data.
        condition_field: A table field within the record this condition is evaluated against.
        condition_operator: Operator used to compare the field or infoType to the value. One of:
            RELATIONAL_OPERATOR_UNSPECIFIED, EQUAL_TO, NOT_EQUAL_TO, GREATER_THAN, LESS_THAN, GREATER_THAN_OR_EQUALS,
            LESS_THAN_OR_EQUALS, EXISTS.
        condition_value: Value to compare against. [Mandatory, except for ``EXISTS`` tests.].

    Example:

    >> $ python deidentify_table_row_suppress.py \
    '{"header": ["email", "phone number", "age"],
    "rows": [["robertfrost@example.com", "4232342345", "35"],
    ["johndoe@example.com", "4253458383", "64"]]}' \
    "age" "GREATER_THAN" 50
    >> '{"header": ["email", "phone number", "age"],
        "rows": [["robertfrost@example.com", "4232342345", "35", "21"]]}'
    """

    # Instantiate a client.
    dlp = google.cloud.dlp_v2.DlpServiceClient()

    # Construct the `table`. For more details on the table schema, please see
    # https://cloud.google.com/dlp/docs/reference/rest/v2/ContentItem#Table
    headers = [{"name": val} for val in table_data["header"]]
    rows = []
    for row in table_data["rows"]:
        rows.append({"values": [{"string_value": cell_val} for cell_val in row]})

    table = {"headers": headers, "rows": rows}

    # Construct the `item` containing the table data.
    item = {"table": table}

    # Construct condition list.
    condition = [
        {
            "field": {"name": condition_field},
            "operator": condition_operator,
            "value": {"integer_value": condition_value},
        }
    ]

    # Construct deidentify configuration dictionary
    deidentify_config = {
        "record_transformations": {
            "record_suppressions": [
                {
                    "condition": {
                        "expressions": {"conditions": {"conditions": condition}}
                    }
                }
            ]
        }
    }

    # Convert the project id into a full resource id.
    parent = f"projects/{project}/locations/global"

    # Call the API.
    response = dlp.deidentify_content(
        request={"parent": parent, "deidentify_config": deidentify_config, "item": item}
    )

    # Print the result.
    print(f"Table after de-identification: {response.item.table}")

APIs Explorer 示例

"deidentifyConfig":{
  "recordTransformations":{
    "recordSuppressions":[
      {
        "condition":{
          "expressions":{
            "conditions":{
              "conditions":[
                {
                  "field":{
                    "name":"AGE"
                  },
                  "operator":"GREATER_THAN",
                  "value":{
                    "integerValue":"89"
                  }
                }
              ]
            }
          }
        }
      }
    ]
  }
}

仅在满足其他字段的特定条件时才转换结果

在下面的示例中,只有当“年龄”列表明患者年龄超过 89 岁时,才会隐去找到的 PERSON_NAME 结果。

输入 转换后的表
年龄 患者 幸福指数 趣闻
101 查尔斯·狄更斯 95 查尔斯·狄更斯这个名字是一个诅咒,可能是由莎士比亚虚构的。
22 简·奥斯汀 21 简·奥斯汀的小说中共出现了 14 次亲吻。
55 马克·吐温 75 马克·吐温喜欢猫。
年龄 患者 幸福指数 趣闻
101 [PERSON_NAME] 95 [PERSON_NAME] 这个名字是一个诅咒,可能是由 [PERSON_NAME] 虚构的。
22 简·奥斯汀 21 简·奥斯汀的小说中共出现了 14 次亲吻。
55 马克·吐温 75 马克·吐温喜欢猫。

C#

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证


using System;
using System.Collections.Generic;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;

public class DeidentifyTableUsingLogicInfoTypes
{
    public static Table Deidentify(
        string projectId,
        Table tableToInspect = null,
        IEnumerable<InfoType> infoTypes = null)
    {
        // Instantiate the dlp client.
        var dlp = DlpServiceClient.Create();

        // Construct the table if null.
        if (tableToInspect == null)
        {
            var row1 = new Value[]
            {
                new Value { StringValue = "101" },
                new Value { StringValue = "Charles Dickens" },
                new Value { StringValue = "95" },
                new Value { StringValue = "Charles Dickens name was a curse invented by Shakespeare." }
            };
            var row2 = new Value[]
            {
                new Value { StringValue = "22" },
                new Value { StringValue = "Jane Austin" },
                new Value { StringValue = "21" },
                new Value { StringValue = "There are 14 kisses in Jane Austen's novels." }
            };
            var row3 = new Value[]
            {
                new Value { StringValue = "55" },
                new Value { StringValue = "Mark Twain" },
                new Value { StringValue = "75" },
                new Value { StringValue = "Mark Twain loved cats." }
            };

            tableToInspect = new Table
            {
                Headers =
                {
                    new FieldId { Name = "AGE" },
                    new FieldId { Name = "PATIENT" },
                    new FieldId { Name = "HAPPINESS SCORE" },
                    new FieldId { Name = "FACTOID" }
                },
                Rows =
                {
                    new Table.Types.Row { Values = { row1 } },
                    new Table.Types.Row { Values = { row2 } },
                    new Table.Types.Row { Values = { row3 } }
                }
            };
        }

        // Construct the table content item.
        var contentItem = new ContentItem { Table = tableToInspect };

        // Specify that findings should be replaced with corresponding info type name.
        var infoTypeTransformation = new InfoTypeTransformations
        {
            Transformations =
            {
                new InfoTypeTransformations.Types.InfoTypeTransformation
                {
                    InfoTypes = { infoTypes ?? new InfoType[] { new InfoType { Name = "PERSON_NAME" } } },
                    PrimitiveTransformation = new PrimitiveTransformation
                    {
                        ReplaceWithInfoTypeConfig = new ReplaceWithInfoTypeConfig()
                    }
                }
            }
        };

        // Specify the fields to be de-identified.
        var fields = new FieldId[] { new FieldId { Name = "PATIENT" }, new FieldId { Name = "FACTOID" } };

        // Specify when the above fields should be de-identified using condition.
        var condition = new RecordCondition.Types.Conditions
        {
            Conditions_ =
            {
                new RecordCondition.Types.Condition
                {
                    Field = new FieldId { Name = "AGE" },
                    Operator = RelationalOperator.GreaterThan,
                    Value = new Value { IntegerValue = 89 }
                }
            }
        };

        // Apply the condition to records.
        var recordCondition = new RecordCondition
        {
            Expressions = new RecordCondition.Types.Expressions
            {
                Conditions = condition
            }
        };

        // Associate the de-identification and conditions with the specified fields.
        var deidentifiedConfig = new DeidentifyConfig
        {
            RecordTransformations = new RecordTransformations
            {
                FieldTransformations =
                {
                    new FieldTransformation
                    {
                        InfoTypeTransformations = infoTypeTransformation,
                        Fields = { fields },
                        Condition = recordCondition
                    }
                }
            }
        };

        // Construct the request.
        var request = new DeidentifyContentRequest
        {
            ParentAsLocationName = new LocationName(projectId, "global"),
            DeidentifyConfig = deidentifiedConfig,
            Item = contentItem
        };

        // Call the API.
        var response = dlp.DeidentifyContent(request);

        // Inspect the response.
        Console.WriteLine(response.Item.Table);
        return response.Item.Table;
    }
}

Go

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

import (
	"context"
	"fmt"
	"io"

	dlp "cloud.google.com/go/dlp/apiv2"
	"cloud.google.com/go/dlp/apiv2/dlppb"
)

// deidentifyTableConditionInfoTypes de-identifies table data
// using conditional logic and replace with infoTypes
func deidentifyTableConditionInfoTypes(w io.Writer, projectID string, columnNames []string) error {
	// projectId := "your-project-id"
	// columnNames := []string{"PATIENT", "FACTOID"}

	row1 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "22"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Jane Austen"}},
			{Type: &dlppb.Value_StringValue{StringValue: "21"}},
			{Type: &dlppb.Value_StringValue{StringValue: "There are 14 kisses in Jane Austen's novels."}},
		},
	}

	row2 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "55"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Mark Twain"}},
			{Type: &dlppb.Value_StringValue{StringValue: "75"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Mark Twain loved cats."}},
		},
	}

	row3 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "101"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Charles Dickens"}},
			{Type: &dlppb.Value_StringValue{StringValue: "95"}},
			{Type: &dlppb.Value_StringValue{StringValue: "Charles Dickens name was a curse invented by Shakespeare."}},
		},
	}

	table := &dlppb.Table{
		Headers: []*dlppb.FieldId{
			{Name: "AGE"},
			{Name: "PATIENT"},
			{Name: "HAPPINESS SCORE"},
			{Name: "FACTOID"},
		},
		Rows: []*dlppb.Table_Row{
			{Values: row1.Values},
			{Values: row2.Values},
			{Values: row3.Values},
		},
	}

	ctx := context.Background()

	// Initialize a client once and reuse it to send multiple requests. Clients
	// are safe to use across goroutines. When the client is no longer needed,
	// call the Close method to cleanup its resources.
	client, err := dlp.NewClient(ctx)
	if err != nil {
		return err
	}

	// Closing the client safely cleans up background resources.
	defer client.Close()

	// Specify what content you want the service to de-identify.
	contentItem := &dlppb.ContentItem{
		DataItem: &dlppb.ContentItem_Table{
			Table: table,
		},
	}

	// Specify how the content should be de-identified.
	// Select type of info to be replaced.
	infoTypes := []*dlppb.InfoType{
		{Name: "PERSON_NAME"},
	}

	// Specify that findings should be replaced with corresponding info type name.
	primitiveTransformation := &dlppb.PrimitiveTransformation{
		Transformation: &dlppb.PrimitiveTransformation_ReplaceWithInfoTypeConfig{},
	}

	// Associate info type with the replacement strategy
	infoTypeTransformation := &dlppb.InfoTypeTransformations_InfoTypeTransformation{
		InfoTypes:               infoTypes,
		PrimitiveTransformation: primitiveTransformation,
	}

	infoTypeTransformations := &dlppb.InfoTypeTransformations{
		Transformations: []*dlppb.InfoTypeTransformations_InfoTypeTransformation{
			infoTypeTransformation,
		},
	}

	// Specify fields to be de-identified.
	var f []*dlppb.FieldId
	for _, c := range columnNames {
		f = append(f, &dlppb.FieldId{Name: c})
	}

	// Specify when the above fields should be de-identified.
	condition := &dlppb.RecordCondition{
		Expressions: &dlppb.RecordCondition_Expressions{
			Type: &dlppb.RecordCondition_Expressions_Conditions{
				Conditions: &dlppb.RecordCondition_Conditions{
					Conditions: []*dlppb.RecordCondition_Condition{
						{
							Field: &dlppb.FieldId{
								Name: "AGE",
							},
							Operator: dlppb.RelationalOperator_GREATER_THAN,
							Value: &dlppb.Value{
								Type: &dlppb.Value_IntegerValue{
									IntegerValue: 89,
								},
							},
						},
					},
				},
			},
		},
	}

	// Associate the de-identification and conditions with the specified fields.
	fieldTransformation := &dlppb.FieldTransformation{
		Fields:    f,
		Condition: condition,
		Transformation: &dlppb.FieldTransformation_InfoTypeTransformations{
			InfoTypeTransformations: infoTypeTransformations,
		},
	}

	recordTransformations := &dlppb.RecordTransformations{
		FieldTransformations: []*dlppb.FieldTransformation{
			fieldTransformation,
		},
	}

	// Construct the de-identification request to be sent by the client.
	req := &dlppb.DeidentifyContentRequest{
		Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
		DeidentifyConfig: &dlppb.DeidentifyConfig{
			Transformation: &dlppb.DeidentifyConfig_RecordTransformations{
				RecordTransformations: recordTransformations,
			},
		},
		Item: contentItem,
	}

	// Send the request.
	resp, err := client.DeidentifyContent(ctx, req)
	if err != nil {
		return err
	}

	// Print the results.
	fmt.Fprintf(w, "Table after de-identification : %v", resp.GetItem().GetTable())
	return nil

}

Java

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.FieldTransformation;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InfoTypeTransformations;
import com.google.privacy.dlp.v2.InfoTypeTransformations.InfoTypeTransformation;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.RecordCondition;
import com.google.privacy.dlp.v2.RecordCondition.Condition;
import com.google.privacy.dlp.v2.RecordCondition.Conditions;
import com.google.privacy.dlp.v2.RecordCondition.Expressions;
import com.google.privacy.dlp.v2.RecordTransformations;
import com.google.privacy.dlp.v2.RelationalOperator;
import com.google.privacy.dlp.v2.ReplaceWithInfoTypeConfig;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.Table.Row;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class DeIdentifyTableConditionInfoTypes {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    String projectId = "your-project-id";
    Table tableToDeIdentify =
        Table.newBuilder()
            .addHeaders(FieldId.newBuilder().setName("AGE").build())
            .addHeaders(FieldId.newBuilder().setName("PATIENT").build())
            .addHeaders(FieldId.newBuilder().setName("HAPPINESS SCORE").build())
            .addHeaders(FieldId.newBuilder().setName("FACTOID").build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("101").build())
                    .addValues(Value.newBuilder().setStringValue("Charles Dickens").build())
                    .addValues(Value.newBuilder().setStringValue("95").build())
                    .addValues(
                        Value.newBuilder()
                            .setStringValue(
                                "Charles Dickens name was a curse invented by Shakespeare.")
                            .build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("22").build())
                    .addValues(Value.newBuilder().setStringValue("Jane Austen").build())
                    .addValues(Value.newBuilder().setStringValue("21").build())
                    .addValues(
                        Value.newBuilder()
                            .setStringValue("There are 14 kisses in Jane Austen's novels.")
                            .build())
                    .build())
            .addRows(
                Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("55").build())
                    .addValues(Value.newBuilder().setStringValue("Mark Twain").build())
                    .addValues(Value.newBuilder().setStringValue("75").build())
                    .addValues(Value.newBuilder().setStringValue("Mark Twain loved cats.").build())
                    .build())
            .build();

    deIdentifyTableConditionInfoTypes(projectId, tableToDeIdentify);
  }

  public static Table deIdentifyTableConditionInfoTypes(String projectId, Table tableToDeIdentify)
      throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to de-identify.
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify how the content should be de-identified.
      // Select type of info to be replaced.
      InfoType infoType = InfoType.newBuilder().setName("PERSON_NAME").build();
      // Specify that findings should be replaced with corresponding info type name.
      ReplaceWithInfoTypeConfig replaceWithInfoTypeConfig =
          ReplaceWithInfoTypeConfig.getDefaultInstance();
      PrimitiveTransformation primitiveTransformation =
          PrimitiveTransformation.newBuilder()
              .setReplaceWithInfoTypeConfig(replaceWithInfoTypeConfig)
              .build();
      // Associate info type with the replacement strategy
      InfoTypeTransformation infoTypeTransformation =
          InfoTypeTransformation.newBuilder()
              .addInfoTypes(infoType)
              .setPrimitiveTransformation(primitiveTransformation)
              .build();
      InfoTypeTransformations infoTypeTransformations =
          InfoTypeTransformations.newBuilder().addTransformations(infoTypeTransformation).build();

      // Specify fields to be de-identified.
      List<FieldId> fieldIds =
          Stream.of("PATIENT", "FACTOID")
              .map(id -> FieldId.newBuilder().setName(id).build())
              .collect(Collectors.toList());

      // Specify when the above fields should be de-identified.
      Condition condition =
          Condition.newBuilder()
              .setField(FieldId.newBuilder().setName("AGE").build())
              .setOperator(RelationalOperator.GREATER_THAN)
              .setValue(Value.newBuilder().setIntegerValue(89).build())
              .build();
      // Apply the condition to records
      RecordCondition recordCondition =
          RecordCondition.newBuilder()
              .setExpressions(
                  Expressions.newBuilder()
                      .setConditions(Conditions.newBuilder().addConditions(condition).build())
                      .build())
              .build();

      // Associate the de-identification and conditions with the specified fields.
      FieldTransformation fieldTransformation =
          FieldTransformation.newBuilder()
              .setInfoTypeTransformations(infoTypeTransformations)
              .addAllFields(fieldIds)
              .setCondition(recordCondition)
              .build();
      RecordTransformations transformations =
          RecordTransformations.newBuilder().addFieldTransformations(fieldTransformation).build();

      DeidentifyConfig deidentifyConfig =
          DeidentifyConfig.newBuilder().setRecordTransformations(transformations).build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service.
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results.
      System.out.println("Table after de-identification: " + response.getItem().getTable());

      return response.getItem().getTable();
    }
  }
}

Node.js

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');

// Initialize google DLP Client
const dlp = new DLP.DlpServiceClient();

// The project ID to run the API call under
// const projectId = 'my-project';

// Construct the tabular data
const tablularData = {
  headers: [
    {name: 'AGE'},
    {name: 'PATIENT'},
    {name: 'HAPPINESS SCORE'},
    {name: 'FACTOID'},
  ],
  rows: [
    {
      values: [
        {integerValue: 101},
        {stringValue: 'Charles Dickens'},
        {integerValue: 95},
        {
          stringValue:
            'Charles Dickens name was a curse invented by Shakespeare.',
        },
      ],
    },
    {
      values: [
        {integerValue: 22},
        {stringValue: 'Jane Austen'},
        {integerValue: 21},
        {stringValue: "There are 14 kisses in Jane Austen's novels."},
      ],
    },
    {
      values: [
        {integerValue: 55},
        {stringValue: 'Mark Twain'},
        {integerValue: 75},
        {stringValue: 'Mark Twain loved cats.'},
      ],
    },
  ],
};

async function deIdentifyTableConditionalInfoType() {
  // Specify fields to be de-identified.
  const fieldIds = [{name: 'PATIENT'}, {name: 'FACTOID'}];

  // Associate info type with the replacement strategy
  const infoTypeTransformations = {
    transformations: [
      {
        infoTypes: [{name: 'PERSON_NAME'}],
        primitiveTransformation: {
          replaceWithInfoTypeConfig: {},
        },
      },
    ],
  };

  // Specify when the above fields should be de-identified.
  const condition = {
    expressions: {
      conditions: {
        conditions: [
          {
            field: {name: 'AGE'},
            operator: 'GREATER_THAN',
            value: {integerValue: 89},
          },
        ],
      },
    },
  };

  // Apply the condition to records.
  const recordTransformations = {
    fieldTransformations: [
      {
        infoTypeTransformations,
        fields: fieldIds,
        condition: condition,
      },
    ],
  };

  // Combine configurations into a request for the service.
  const request = {
    parent: `projects/${projectId}/locations/global`,
    item: {
      table: tablularData,
    },
    deidentifyConfig: {
      recordTransformations,
    },
  };
  // Send the request and receive response from the service.
  const [response] = await dlp.deidentifyContent(request);

  // Print the results.
  console.log(
    `Table after de-identification: ${JSON.stringify(response.item.table)}`
  );
}

deIdentifyTableConditionalInfoType();

PHP

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\DeidentifyConfig;
use Google\Cloud\Dlp\V2\DeidentifyContentRequest;
use Google\Cloud\Dlp\V2\FieldId;
use Google\Cloud\Dlp\V2\FieldTransformation;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InfoTypeTransformations;
use Google\Cloud\Dlp\V2\InfoTypeTransformations\InfoTypeTransformation;
use Google\Cloud\Dlp\V2\PrimitiveTransformation;
use Google\Cloud\Dlp\V2\RecordCondition;
use Google\Cloud\Dlp\V2\RecordCondition\Condition;
use Google\Cloud\Dlp\V2\RecordCondition\Conditions;
use Google\Cloud\Dlp\V2\RecordCondition\Expressions;
use Google\Cloud\Dlp\V2\RecordTransformations;
use Google\Cloud\Dlp\V2\RelationalOperator;
use Google\Cloud\Dlp\V2\ReplaceWithInfoTypeConfig;
use Google\Cloud\Dlp\V2\Table;
use Google\Cloud\Dlp\V2\Table\Row;
use Google\Cloud\Dlp\V2\Value;

/**
 * De-identify table data using conditional logic and replace with infoTypes.
 * Transform findings only when specific conditions are met on another field.
 *
 * @param string $callingProjectId      The Google Cloud project id to use as a parent resource.
 * @param string $inputCsvFile          The input file(csv) path  to deidentify
 * @param string $outputCsvFile         The oupt file path to save deidentify content
 */

function deidentify_table_condition_infotypes(
    // TODO(developer): Replace sample parameters before running the code.
    string $callingProjectId,
    string $inputCsvFile = './test/data/table1.csv',
    string $outputCsvFile = './test/data/deidentify_table_condition_infotypes_output.csv'
): void {
    // Instantiate a client.
    $dlp = new DlpServiceClient();

    $parent = "projects/$callingProjectId/locations/global";

    // Read a CSV file
    $csvLines = file($inputCsvFile, FILE_IGNORE_NEW_LINES);
    $csvHeaders = explode(',', $csvLines[0]);
    $csvRows = array_slice($csvLines, 1);

    // Convert CSV file into protobuf objects
    $tableHeaders = array_map(function ($csvHeader) {
        return (new FieldId)
            ->setName($csvHeader);
    }, $csvHeaders);

    $tableRows = array_map(function ($csvRow) {
        $rowValues = array_map(function ($csvValue) {
            return (new Value())
                ->setStringValue($csvValue);
        }, explode(',', $csvRow));
        return (new Row())
            ->setValues($rowValues);
    }, $csvRows);

    // Construct the table object
    $tableToDeIdentify = (new Table())
        ->setHeaders($tableHeaders)
        ->setRows($tableRows);

    // Specify what content you want the service to de-identify.
    $content = (new ContentItem())
        ->setTable($tableToDeIdentify);

    // Specify the type of info the inspection will look for.
    $personNameInfoType = (new InfoType())
        ->setName('PERSON_NAME');

    // Specify that findings should be replaced with corresponding info type name.
    $primitiveTransformation = (new PrimitiveTransformation())
        ->setReplaceWithInfoTypeConfig(new ReplaceWithInfoTypeConfig());

    // Associate info type with the replacement strategy
    $infoTypeTransformation = (new InfoTypeTransformation())
        ->setPrimitiveTransformation($primitiveTransformation)
        ->setInfoTypes([$personNameInfoType]);

    $infoTypeTransformations = (new InfoTypeTransformations())
        ->setTransformations([$infoTypeTransformation]);

    // Specify fields to be de-identified.
    $fieldIds = [
        (new FieldId())->setName('PATIENT'),
        (new FieldId())->setName('FACTOID'),
    ];

    // Specify when the above fields should be de-identified.
    $condition = (new Condition())
        ->setField((new FieldId())
            ->setName('AGE'))
        ->setOperator(RelationalOperator::GREATER_THAN)
        ->setValue((new Value())
            ->setIntegerValue(89));

    // Apply the condition to records
    $recordCondition = (new RecordCondition())
        ->setExpressions((new Expressions())
                ->setConditions((new Conditions())
                        ->setConditions([$condition])
                )
        );

    // Associate the de-identification and conditions with the specified fields.
    $fieldTransformation = (new FieldTransformation())
        ->setInfoTypeTransformations($infoTypeTransformations)
        ->setFields($fieldIds)
        ->setCondition($recordCondition);

    $recordtransformations = (new RecordTransformations())
        ->setFieldTransformations([$fieldTransformation]);

    $deidentifyConfig = (new DeidentifyConfig())
        ->setRecordTransformations($recordtransformations);

    // Run request
    $deidentifyContentRequest = (new DeidentifyContentRequest())
        ->setParent($parent)
        ->setDeidentifyConfig($deidentifyConfig)
        ->setItem($content);
    $response = $dlp->deidentifyContent($deidentifyContentRequest);

    // Print results
    $csvRef = fopen($outputCsvFile, 'w');
    fputcsv($csvRef, $csvHeaders);
    foreach ($response->getItem()->getTable()->getRows() as $tableRow) {
        $values = array_map(function ($tableValue) {
            return $tableValue->getStringValue();
        }, iterator_to_array($tableRow->getValues()));
        fputcsv($csvRef, $values);
    };
    printf($outputCsvFile);
}

Python

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

from typing import Dict, List, Union

import google.cloud.dlp
from google.cloud.dlp_v2 import types

def deidentify_table_condition_replace_with_info_types(
    project: str,
    table_data: Dict[str, Union[List[str], List[List[str]]]],
    deid_content_list: List[str],
    info_types: List[str],
    condition_field: str = None,
    condition_operator: str = None,
    condition_value: int = None,
) -> types.dlp.Table:
    """Uses the Data Loss Prevention API to de-identify sensitive data in a
    table by replacing them with info-types based on a condition.
    Args:
       project: The Google Cloud project id to use as a parent resource.
       table_data: Json string representing table data.
       deid_content_list: A list of fields in table to de-identify.
       info_types: A list of strings representing info types to look for.
           A full list of info categories and types is available from the API.
           Examples include "FIRST_NAME", "LAST_NAME", "EMAIL_ADDRESS". '
       condition_field: A table field within the record this condition is evaluated against.
       condition_operator: Operator used to compare the field or infoType to the value. One of:
           RELATIONAL_OPERATOR_UNSPECIFIED, EQUAL_TO, NOT_EQUAL_TO, GREATER_THAN, LESS_THAN, GREATER_THAN_OR_EQUALS,
           LESS_THAN_OR_EQUALS, EXISTS.
       condition_value: Value to compare against. [Mandatory, except for ``EXISTS`` tests.].

    Returns:
       De-identified table is returned;
       the response from the API is also printed to the terminal.

    Example:
    >> $ python deidentify_table_condition_infotypes.py \
    '{"header": ["email", "phone number", "age"],
    "rows": [["robertfrost@example.com", "4232342345", "45"],
    ["johndoe@example.com", "4253458383", "63"]]}' ["email"] \
    ["EMAIL_ADDRESS"] "age" "GREATER_THAN" 50
    >> '{"header": ["email", "phone number", "age"],
        "rows": [["robertfrost@example.com", "4232342345", "45"],
        ["[EMAIL_ADDRESS]", "4253458383", "63"]]}'
    """

    # Instantiate a client.
    dlp = google.cloud.dlp_v2.DlpServiceClient()

    # Construct the `table`. For more details on the table schema, please see
    # https://cloud.google.com/dlp/docs/reference/rest/v2/ContentItem#Table
    headers = [{"name": val} for val in table_data["header"]]
    rows = []
    for row in table_data["rows"]:
        rows.append({"values": [{"string_value": cell_val} for cell_val in row]})

    table = {"headers": headers, "rows": rows}

    # Construct the item
    item = {"table": table}

    # Specify fields to be de-identified
    deid_field_list = [{"name": _i} for _i in deid_content_list]

    # Construct inspect configuration dictionary
    inspect_config = {"info_types": [{"name": info_type} for info_type in info_types]}

    # Construct condition list
    condition = [
        {
            "field": {"name": condition_field},
            "operator": condition_operator,
            "value": {"integer_value": condition_value},
        }
    ]

    # Construct deidentify configuration dictionary
    deidentify_config = {
        "record_transformations": {
            "field_transformations": [
                {
                    "info_type_transformations": {
                        "transformations": [
                            {
                                "primitive_transformation": {
                                    "replace_with_info_type_config": {}
                                }
                            }
                        ]
                    },
                    "fields": deid_field_list,
                    "condition": {
                        "expressions": {"conditions": {"conditions": condition}}
                    },
                }
            ]
        }
    }

    # Convert the project id into a full resource id.
    parent = f"projects/{project}/locations/global"

    # Call the API.
    response = dlp.deidentify_content(
        request={
            "parent": parent,
            "deidentify_config": deidentify_config,
            "item": item,
            "inspect_config": inspect_config,
        }
    )

    print(f"Table after de-identification: {response.item.table}")

    return response.item.table

APIs Explorer 示例

"deidentifyConfig":{
  "recordTransformations":{
    "fieldTransformations":[
      {
        "infoTypeTransformations":{
          "transformations":[
            {
              "infoTypes":[
                {
                  "name":"PERSON_NAME"
                }
              ],
              "primitiveTransformation":{
                "replaceWithInfoTypeConfig":{

                }
              }
            }
          ]
        },
        "fields":[
          {
            "name":"PATIENT"
          },
          {
            "name":"FACTOID"
          }
        ],
        "condition":{
          "expressions":{
            "conditions":{
              "conditions":[
                {
                  "field":{
                    "name":"AGE"
                  },
                  "operator":"GREATER_THAN",
                  "value":{
                    "integerValue":"89"
                  }
                }
              ]
            }
          }
        }
      }
    ]
  }
}

使用加密哈希转换来转换结果

以下 JSON 示例使用 infoType 转换来指示 DLP API 检查整个表结构是否存在特定的 infoTypes,然后使用瞬态 CryptoKey 加密匹配的值。

下面的示例演示了如何使用加密哈希转换对两个 infoType 进行去标识化。

输入:

userid 备注
user1@example.org 我的电子邮件是 user1@example.org,电话是 858-555-0222
user2@example.org 我的电子邮件是 user2@example.org,电话是 858-555-0223
user3@example.org 我的电子邮件是 user3@example.org,电话是 858-555-0224

转换后的表

userid 备注
1kSfj3Op64MH1BiznupEpX0BdQrHMm62X6abgsPH5zM= 我的电子邮件是 1kSfj3Op64MH1BiznupEpX0BdQrHMm62X6abgsPH5zM=,电话是 hYXPcsJNBCe1rr51sHiVw2KhtoyMe4HEFKNHWFcDVm0=
4ESy7+rEN8NVaUJ6J7kwvcgW8wcm0cm5gbBAcu6SfdM= 我的电子邮件是 4ESy7+rEN8NVaUJ6J7kwvcgW8wcm0cm5gbBAcu6SfdM=,电话是 KKqW1tQwgvGiC6iWJHhLiz2enNSEFRzhmLOf9fSTxRw=
bu1blyd/mbjLmpF2Rdi6zpgsLatSwpJLVki2fMeudM0= 我的电子邮件是 bu1blyd/mbjLmpF2Rdi6zpgsLatSwpJLVki2fMeudM0=,电话是 eNt7qtZVLmxRb8z8NBR/+z00In07CI3hEMStbwofWoc=

APIs Explorer 示例

C#

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证


using System;
using System.Collections.Generic;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;

public class DeidentifyTableWithCryptoHash
{
    public static Table Deidentify(
        string projectId,
        Table tableToDeidentify = null,
        IEnumerable<InfoType> infoTypes = null,
        string transientKeyName = null)
    {
        // Instantiate the client.
        var dlp = DlpServiceClient.Create();

        // Construct the table if null.
        if (tableToDeidentify == null)
        {
            var row1 = new Value[]
            {
                new Value { StringValue = "user1@example.org" },
                new Value { StringValue = "my email is user1@example.org and phone is 858-555-0222" }
            };
            var row2 = new Value[]
            {
                new Value { StringValue = "user2@example.org" },
                new Value { StringValue = "my email is user2@example.org and phone is 858-555-0223" }
            };
            var row3 = new Value[]
            {
                new Value { StringValue = "user3@example.org" },
                new Value { StringValue = "my email is user3@example.org and phone is 858-555-0224" }
            };

            tableToDeidentify = new Table
            {
                Headers =
                {
                    new FieldId { Name = "User ID" },
                    new FieldId { Name = "comments" }
                },
                Rows =
                {
                    new Table.Types.Row { Values = { row1 } },
                    new Table.Types.Row { Values = { row2 } },
                    new Table.Types.Row { Values = { row3 } }
                }
            };
        }

        // Specify the table and construct the content item.
        var contentItem = new ContentItem { Table = tableToDeidentify };

        // Construct the infoTypes by specifying the type of info to be inspected if null.
        var infotypes = infoTypes ?? new InfoType[]
        {
            new InfoType { Name = "EMAIL_ADDRESS" },
            new InfoType { Name = "PHONE_NUMBER" }
        };

        // Construct the crypto hash config using transient crypto key name.
        var cryptoHashConfig = new CryptoHashConfig
        {
            CryptoKey = new CryptoKey
            {
                Transient = new TransientCryptoKey
                {
                    Name = transientKeyName ?? "[TRANSIENT-CRYPTO-KEY]"
                }
            }
        };

        // Construct the de-identify config using crypto hash config.
        var deidentifyConfig = new DeidentifyConfig
        {
            InfoTypeTransformations = new InfoTypeTransformations
            {
                Transformations =
                {
                    new InfoTypeTransformations.Types.InfoTypeTransformation
                    {
                        PrimitiveTransformation = new PrimitiveTransformation
                        {
                            CryptoHashConfig = cryptoHashConfig
                        },
                        InfoTypes = { infotypes }
                    }
                }
            }
        };

        // Construct the inspect config.
        var inspectConfig = new InspectConfig
        {
            InfoTypes = { infotypes },
            IncludeQuote = true
        };

        // Construct the request.
        var request = new DeidentifyContentRequest
        {
            ParentAsLocationName = new LocationName(projectId, "global"),
            DeidentifyConfig = deidentifyConfig,
            Item = contentItem,
            InspectConfig = inspectConfig
        };

        // Call the API.
        DeidentifyContentResponse response = dlp.DeidentifyContent(request);

        // Print the table.
        Console.WriteLine(response.Item.Table);

        return response.Item.Table;
    }
}

Go

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

import (
	"context"
	"fmt"
	"io"

	dlp "cloud.google.com/go/dlp/apiv2"
	"cloud.google.com/go/dlp/apiv2/dlppb"
)

// deIdentifyTableWithCryptoHash transforms findings using a cryptographic hash transformation.
func deIdentifyTableWithCryptoHash(w io.Writer, projectID, transientKeyName string) error {
	// projectId := "your-project-id"
	// transientKeyName := "YOUR_TRANSIENT_CRYPTO_KEY_NAME"

	row1 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "user1@example.org"}},
			{Type: &dlppb.Value_StringValue{StringValue: "my email is user1@example.org and phone is 858-555-0222"}},
		},
	}

	row2 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "user2@example.org"}},
			{Type: &dlppb.Value_StringValue{StringValue: "my email is user2@example.org and phone is 858-555-0232"}},
		},
	}

	row3 := &dlppb.Table_Row{
		Values: []*dlppb.Value{
			{Type: &dlppb.Value_StringValue{StringValue: "user3@example.org"}},
			{Type: &dlppb.Value_StringValue{StringValue: "my email is user3@example.org and phone is 858-555-0224"}},
		},
	}

	tableToDeidentify := &dlppb.Table{
		Headers: []*dlppb.FieldId{
			{Name: "userid"},
			{Name: "comments"},
		},
		Rows: []*dlppb.Table_Row{
			{Values: row1.Values},
			{Values: row2.Values},
			{Values: row3.Values},
		},
	}

	ctx := context.Background()

	// Initialize a client once and reuse it to send multiple requests. Clients
	// are safe to use across goroutines. When the client is no longer needed,
	// call the Close method to cleanup its resources.
	client, err := dlp.NewClient(ctx)
	if err != nil {
		return err
	}

	// Closing the client safely cleans up background resources.
	defer client.Close()

	// Specify what content you want the service to de-identify.
	contentItem := &dlppb.ContentItem{
		DataItem: &dlppb.ContentItem_Table{
			Table: tableToDeidentify,
		},
	}

	// Specify the type of info the inspection will look for.
	// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
	infoTypes := []*dlppb.InfoType{
		{Name: "PHONE_NUMBER"},
		{Name: "EMAIL_ADDRESS"},
	}

	inspectConfig := &dlppb.InspectConfig{
		InfoTypes: infoTypes,
	}

	// Specify the transient key which will encrypt the data.
	if transientKeyName == "" {
		transientKeyName = "YOUR_TRANSIENT_CRYPTO_KEY_NAME"
	}

	// Specify the transient key which will encrypt the data.
	cryptoKey := &dlppb.CryptoKey{
		Source: &dlppb.CryptoKey_Transient{
			Transient: &dlppb.TransientCryptoKey{
				Name: transientKeyName,
			},
		},
	}

	// Specify how the info from the inspection should be encrypted.
	cryptoHashConfig := &dlppb.CryptoHashConfig{
		CryptoKey: cryptoKey,
	}

	// Define type of de-identification as cryptographic hash transformation.
	primitiveTransformation := &dlppb.PrimitiveTransformation_CryptoHashConfig{
		CryptoHashConfig: cryptoHashConfig,
	}

	infoTypeTransformation := &dlppb.InfoTypeTransformations_InfoTypeTransformation{
		InfoTypes: infoTypes,
		PrimitiveTransformation: &dlppb.PrimitiveTransformation{
			Transformation: primitiveTransformation,
		},
	}

	transformations := &dlppb.InfoTypeTransformations{
		Transformations: []*dlppb.InfoTypeTransformations_InfoTypeTransformation{
			infoTypeTransformation,
		},
	}

	// Specify the config for the de-identify request.
	deidentifyConfig := &dlppb.DeidentifyConfig{
		Transformation: &dlppb.DeidentifyConfig_InfoTypeTransformations{
			InfoTypeTransformations: transformations,
		},
	}

	// Construct the de-identification request to be sent by the client.
	req := &dlppb.DeidentifyContentRequest{
		Parent:           fmt.Sprintf("projects/%s/locations/global", projectID),
		DeidentifyConfig: deidentifyConfig,
		InspectConfig:    inspectConfig,
		Item:             contentItem,
	}

	// Send the request.
	resp, err := client.DeidentifyContent(ctx, req)
	if err != nil {
		return err
	}

	// Print the results.
	fmt.Fprintf(w, "Table after de-identification : %v", resp.GetItem().GetTable())
	return nil
}

Java

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证


import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ContentItem;
import com.google.privacy.dlp.v2.CryptoHashConfig;
import com.google.privacy.dlp.v2.CryptoKey;
import com.google.privacy.dlp.v2.DeidentifyConfig;
import com.google.privacy.dlp.v2.DeidentifyContentRequest;
import com.google.privacy.dlp.v2.DeidentifyContentResponse;
import com.google.privacy.dlp.v2.FieldId;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InfoTypeTransformations;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.PrimitiveTransformation;
import com.google.privacy.dlp.v2.Table;
import com.google.privacy.dlp.v2.TransientCryptoKey;
import com.google.privacy.dlp.v2.Value;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

public class DeIdentifyTableWithCryptoHash {

  public static void main(String[] args) throws Exception {
    // TODO(developer): Replace these variables before running the sample.

    // The Google Cloud project id to use as a parent resource.
    String projectId = "your-project-id";

    // The table to de-identify.
    Table tableToDeIdentify =
        Table.newBuilder()
            .addHeaders(FieldId.newBuilder().setName("userid").build())
            .addHeaders(FieldId.newBuilder().setName("comments").build())
            .addRows(
                Table.Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("user1@example.org").build())
                    .addValues(
                        Value.newBuilder()
                            .setStringValue(
                                "my email is user1@example.org and phone is 858-555-0222")
                            .build())
                    .build())
            .addRows(
                Table.Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("user2@example.org").build())
                    .addValues(
                        Value.newBuilder()
                            .setStringValue(
                                "my email is user2@example.org and phone is 858-555-0223")
                            .build())
                    .build())
            .addRows(
                Table.Row.newBuilder()
                    .addValues(Value.newBuilder().setStringValue("user3@example.org").build())
                    .addValues(
                        Value.newBuilder()
                            .setStringValue(
                                "my email is user3@example.org and phone is 858-555-0224")
                            .build())
                    .build())
            .build();

    // The randomly generated crypto key to encrypt the data.
    String transientKeyName = "YOUR_TRANSIENT_CRYPTO_KEY";
    deIdentifyWithCryptHashTransformation(projectId, tableToDeIdentify, transientKeyName);
  }

  // Transforms findings using a cryptographic hash transformation.
  public static void deIdentifyWithCryptHashTransformation(
      String projectId, Table tableToDeIdentify, String transientKeyName) throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the "close" method on the client to safely clean up any remaining background resources.
    try (DlpServiceClient dlp = DlpServiceClient.create()) {
      // Specify what content you want the service to DeIdentify
      ContentItem contentItem = ContentItem.newBuilder().setTable(tableToDeIdentify).build();

      // Specify the type of info the inspection will look for.
      // See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
      List<InfoType> infoTypes =
          Stream.of("PHONE_NUMBER", "EMAIL_ADDRESS")
              .map(it -> InfoType.newBuilder().setName(it).build())
              .collect(Collectors.toList());

      InspectConfig inspectConfig = InspectConfig.newBuilder()
              .addAllInfoTypes(infoTypes)
              .build();

      // Specify the transient key which will encrypt the data.
      TransientCryptoKey transientCryptoKey = TransientCryptoKey.newBuilder()
              .setName(transientKeyName)
              .build();

      CryptoKey cryptoKey = CryptoKey.newBuilder()
              .setTransient(transientCryptoKey)
              .build();

      // Specify how the info from the inspection should be encrypted.
      CryptoHashConfig cryptoHashConfig = CryptoHashConfig.newBuilder()
              .setCryptoKey(cryptoKey)
              .build();

      // Define type of de-identification as cryptographic hash transformation.
      PrimitiveTransformation primitiveTransformation = PrimitiveTransformation.newBuilder()
              .setCryptoHashConfig(cryptoHashConfig)
              .build();

      InfoTypeTransformations.InfoTypeTransformation infoTypeTransformation =
          InfoTypeTransformations.InfoTypeTransformation.newBuilder()
              .setPrimitiveTransformation(primitiveTransformation)
              .addAllInfoTypes(infoTypes)
              .build();

      InfoTypeTransformations transformations = InfoTypeTransformations.newBuilder()
              .addTransformations(infoTypeTransformation)
              .build();

      // Specify the config for the de-identify request
      DeidentifyConfig deidentifyConfig = DeidentifyConfig.newBuilder()
              .setInfoTypeTransformations(transformations)
              .build();

      // Combine configurations into a request for the service.
      DeidentifyContentRequest request =
          DeidentifyContentRequest.newBuilder()
              .setParent(LocationName.of(projectId, "global").toString())
              .setItem(contentItem)
              .setInspectConfig(inspectConfig)
              .setDeidentifyConfig(deidentifyConfig)
              .build();

      // Send the request and receive response from the service
      DeidentifyContentResponse response = dlp.deidentifyContent(request);

      // Print the results
      System.out.println("Table after de-identification: " + response.getItem().getTable());
    }
  }
}

Node.js

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');

// Instantiates a client
const dlp = new DLP.DlpServiceClient();

// The project ID to run the API call under
// const projectId = 'my-project';

// Crypto key
// const transientKeyName = 'YOUR_TRANSIENT_CRYPTO_KEY';

// The table to de-identify.
const tableToDeIdentify = {
  headers: [{name: 'userid'}, {name: 'comments'}],
  rows: [
    {
      values: [
        {stringValue: 'user1@example.org'},
        {
          stringValue:
            'my email is user1@example.org and phone is 858-555-0222',
        },
      ],
    },
    {
      values: [
        {stringValue: 'user2@example.org'},
        {
          stringValue:
            'my email is user2@example.org and phone is 858-555-0223',
        },
      ],
    },
    {
      values: [
        {stringValue: 'user3@example.org'},
        {
          stringValue:
            'my email is user3@example.org and phone is 858-555-0224',
        },
      ],
    },
  ],
};
async function deIdentifyTableWithCryptoHash() {
  // Specify crypto hash configuration that uses transient key.
  const cryptoHashConfig = {
    cryptoKey: {
      transient: {
        name: transientKeyName,
      },
    },
  };

  // Construct de-identify request that uses crypto hash configuration.
  const request = {
    parent: `projects/${projectId}/locations/global`,
    deidentifyConfig: {
      infoTypeTransformations: {
        transformations: [
          {
            primitiveTransformation: {
              cryptoHashConfig: cryptoHashConfig,
            },
            infoTypes: [{name: 'PHONE_NUMBER'}, {name: 'EMAIL_ADDRESS'}],
          },
        ],
      },
    },
    item: {table: tableToDeIdentify},
  };

  // Send the request and receive response from the service.
  const [response] = await dlp.deidentifyContent(request);
  const deidentifiedTable = response.item.table;

  // Print the results.
  console.log(
    `Table after de-identification:\n${JSON.stringify(
      deidentifiedTable,
      null,
      2
    )}`
  );
}

deIdentifyTableWithCryptoHash();

PHP

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\CryptoHashConfig;
use Google\Cloud\Dlp\V2\CryptoKey;
use Google\Cloud\Dlp\V2\DeidentifyConfig;
use Google\Cloud\Dlp\V2\DeidentifyContentRequest;
use Google\Cloud\Dlp\V2\FieldId;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InfoTypeTransformations;
use Google\Cloud\Dlp\V2\InfoTypeTransformations\InfoTypeTransformation;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\PrimitiveTransformation;
use Google\Cloud\Dlp\V2\Table;
use Google\Cloud\Dlp\V2\Table\Row;
use Google\Cloud\Dlp\V2\TransientCryptoKey;
use Google\Cloud\Dlp\V2\Value;

/**
 * De-identify table data with crypto hash.
 * Transform findings using a cryptographic hash transformation.
 *
 * @param string $callingProjectId          The Google Cloud project id to use as a parent resource.
 * @param string $inputCsvFile              The input file(csv) path  to deidentify.
 * @param string $outputCsvFile             The oupt file path to save deidentify content.
 * @param string $transientCryptoKeyName    Specify the random string.
 */

function deidentify_table_with_crypto_hash(
    // TODO(developer): Replace sample parameters before running the code.
    string $callingProjectId,
    string $inputCsvFile = './test/data/table5.csv',
    string $outputCsvFile = './test/data/deidentify_table_with_crypto_hash_output.csv',
    string $transientCryptoKeyName = 'YOUR-TRANSIENT-CRYPTO-KEY'
): void {
    // Instantiate a client.
    $dlp = new DlpServiceClient();

    $parent = "projects/$callingProjectId/locations/global";

    // Read a CSV file.
    $csvLines = file($inputCsvFile, FILE_IGNORE_NEW_LINES);
    $csvHeaders = explode(',', $csvLines[0]);
    $csvRows = array_slice($csvLines, 1);

    // Convert CSV file into protobuf objects.
    $tableHeaders = array_map(function ($csvHeader) {
        return (new FieldId)
            ->setName($csvHeader);
    }, $csvHeaders);

    $tableRows = array_map(function ($csvRow) {
        $rowValues = array_map(function ($csvValue) {
            return (new Value())
                ->setStringValue($csvValue);
        }, explode(',', $csvRow));
        return (new Row())
            ->setValues($rowValues);
    }, $csvRows);

    // Construct the table object.
    $tableToDeIdentify = (new Table())
        ->setHeaders($tableHeaders)
        ->setRows($tableRows);

    // Specify what content you want the service to de-identify.
    $content = (new ContentItem())
        ->setTable($tableToDeIdentify);

    // Specify the type of info the inspection will look for.
    // See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
    $infoTypes = [
        (new InfoType())->setName('EMAIL_ADDRESS'),
        (new InfoType())->setName('PHONE_NUMBER')
    ];

    $inspectConfig = (new InspectConfig())
        ->setInfoTypes($infoTypes);

    // Specify the transient key which will encrypt the data.
    $cryptoKey = (new CryptoKey())
        ->setTransient((new TransientCryptoKey())
            ->setName($transientCryptoKeyName));

    // Specify how the info from the inspection should be encrypted.
    $cryptoHashConfig = (new CryptoHashConfig())
        ->setCryptoKey($cryptoKey);

    // Define type of de-identification as cryptographic hash transformation.
    $primitiveTransformation = (new PrimitiveTransformation())
        ->setCryptoHashConfig($cryptoHashConfig);

    $infoTypeTransformation = (new InfoTypeTransformation())
        ->setPrimitiveTransformation($primitiveTransformation)
        ->setInfoTypes($infoTypes);

    $infoTypeTransformations = (new InfoTypeTransformations())
        ->setTransformations([$infoTypeTransformation]);

    // Specify the config for the de-identify request
    $deidentifyConfig = (new DeidentifyConfig())
        ->setInfoTypeTransformations($infoTypeTransformations);

    // Send the request and receive response from the service.
    $deidentifyContentRequest = (new DeidentifyContentRequest())
        ->setParent($parent)
        ->setInspectConfig($inspectConfig)
        ->setDeidentifyConfig($deidentifyConfig)
        ->setItem($content);
    $response = $dlp->deidentifyContent($deidentifyContentRequest);

    // Print the results.
    $csvRef = fopen($outputCsvFile, 'w');
    fputcsv($csvRef, $csvHeaders);
    foreach ($response->getItem()->getTable()->getRows() as $tableRow) {
        $values = array_map(function ($tableValue) {
            return $tableValue->getStringValue();
        }, iterator_to_array($tableRow->getValues()));
        fputcsv($csvRef, $values);
    };
    printf('Table after deidentify (File Location): %s', $outputCsvFile);
}

Python

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证

from typing import Dict, List, Union

import google.cloud.dlp

def deidentify_table_with_crypto_hash(
    project: str,
    table_data: Dict[str, Union[List[str], List[List[str]]]],
    info_types: List[str],
    transient_key_name: str,
) -> None:
    """Uses the Data Loss Prevention API to de-identify sensitive data
    in a table using a cryptographic hash transformation.
    Args:
        project: The Google Cloud project id to use as a parent resource.
        table_data: Dictionary representing table data.
        info_types: A list of strings representing info types to look for.
            A full list of info type categories can be fetched from the API.
        transient_key_name: Name of the transient crypto key used for encryption.
            The scope of this key is a single API call. It is generated for
            the transformation and then discarded.
    """

    # Instantiate a client
    dlp = google.cloud.dlp_v2.DlpServiceClient()

    # Construct the `table`. For more details on the table schema, please see
    # https://cloud.google.com/dlp/docs/reference/rest/v2/ContentItem#Table
    headers = [{"name": val} for val in table_data["header"]]
    rows = []
    for row in table_data["rows"]:
        rows.append({"values": [{"string_value": cell_val} for cell_val in row]})

    table = {"headers": headers, "rows": rows}

    # Construct the `item` that service will de-identify.
    item = {"table": table}

    # Prepare info_types by converting the list of strings into a list of
    # dictionaries.
    info_types = [{"name": info_type} for info_type in info_types]

    # Construct cryptographic hash configuration using the transient key
    # which will encrypt the data.
    crypto_hash_config = {"crypto_key": {"transient": {"name": transient_key_name}}}

    # Specify the type of info the inspection will look for.
    inspect_config = {
        "info_types": info_types,
    }

    # Construct deidentify configuration dictionary.
    deidentify_config = {
        "info_type_transformations": {
            "transformations": [
                {
                    "info_types": info_types,
                    "primitive_transformation": {
                        "crypto_hash_config": crypto_hash_config
                    },
                }
            ]
        }
    }

    # Convert the project id into a full resource id.
    parent = f"projects/{project}/locations/global"

    # Call the API.
    response = dlp.deidentify_content(
        request={
            "parent": parent,
            "deidentify_config": deidentify_config,
            "inspect_config": inspect_config,
            "item": item,
        }
    )

    # Print the result.
    print(f"Table after de-identification: {response.item.table}")

REST

    {
      "inspectConfig":{
        "infoTypes":[
          {
            "name":"EMAIL_ADDRESS"
          },
          {
            "name":"PHONE_NUMBER"
          }
        ]
      },
      "deidentifyConfig":{
        "infoTypeTransformations":{
          "transformations":[
            {
              "infoTypes":[
                {
                  "name":"EMAIL_ADDRESS"
                },
                {
                  "name":"PHONE_NUMBER"
                }
              ],
              "primitiveTransformation":{
                "cryptoHashConfig":{
                  "cryptoKey":{
                    "transient":{
                      "name":"[TRANSIENT-CRYPTO-KEY]"
                    }
                  }
                }
              }
            }
          ]
        }
      },
      "item":{
        "table":{
          "headers":[
            {
              "name":"userid"
            },
            {
              "name":"comments"
            }
          ],
          "rows":[
            {
              "values":[
                {
                  "stringValue":"abby_abernathy@example.org"
                },
                {
                  "stringValue":"my email is abby_abernathy@example.org and phone is 858-555-0222"
                }
              ]
            },
            {
              "values":[
                {
                  "stringValue":"bert_beauregard@example.org"
                },
                {
                  "stringValue":"my email is bert_beauregard@example.org and phone is 858-555-0223"
                }
              ]
            },
            {
              "values":[
                {
                  "stringValue":"cathy_crenshaw@example.org"
                },
                {
                  "stringValue":"my email is cathy_crenshaw@example.org and phone is 858-555-0224"
                }
              ]
            }
          ]
        }
      }
    }

使用两种单独的加密哈希转换来转换结果

下面的示例演示了如何在单个去标识化配置的不同转换中使用不同的加密密钥。首先,声明“userid”字段的字段转换。该转换不包含任何 infoType 转换,因此每行中的“userid”字段都会进行转换,无论其数据类型为何。然后,声明另一个字段转换,该转换位于“备注”字段上。

输入:

userid 备注
user1@example.org 我的电子邮件是 user1@example.org,电话是 858-555-0222
abbyabernathy1 我的 userid 是 abbyabernathy1,我的电子邮件是 abernauth@example.com

转换后的表

userid 备注
5WvS4+aJtCCwWWG79cmRNamDgyvJ+CkuwNpA2gaR1VQ= 我的电子邮件是 vjqGLaA6+NUUnZAWXpI72lU1GfwQdOKu7XqWaJPcvQQ=,电话是 BY+mSXXTu6mOoX5pr0Xbse60uelsSHmwRCq6HcscKtk=
t0dOmHvkT0VsM++SVmESVKHenLkmhBmFezH3hSDldDg= 我的 userid 是 abbyabernathy1,我的电子邮件是 TQ3ancdUn9zgwO5qe6ahkmVrBuNhvlMknxjPjIt0N2w=

APIs Explorer 示例

C#

如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库

如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证


using System;
using System.Collections.Generic;
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;

public class DeidentifyTableWithMultipleCryptoHash
{
    public static Table Deidentify(
        string projectId,
        Table tableToDeidentify = null,
        IEnumerable<InfoType> infoTypes = null,
        string transientKeyName1 = null,
        string transientKeyName2 = null)
    {
        // Instantiate the client.
        var dlp = DlpServiceClient.Create();

        // Construct the table if null.
        if (tableToDeidentify == null)
        {
            var row1 = new Value[]
            {
                new Value { StringValue = "user1@example.org" },
                new Value { StringValue = "my email is user1@example.org and phone is 858-555-0222" }
            };
            var row2 = new Value[]
            {
                new Value { StringValue = "user2@example.org" },
                new Value { StringValue = "my email is user2@example.org and phone is 858-555-0223" }
            };
            var row3 = new Value[]
            {
                new Value { StringValue = "user3@example.org" },
                new Value { StringValue = "my email is user3@example.org and phone is 858-555-0224" }
            };

            tableToDeidentify = new Table
            {
                Headers =
                {
                    new FieldId { Name = "User ID" },
                    new FieldId { Name = "comments" }
                },
                Rows =
                {
                    new Table.Types.Row { Values = { row1 } },
                    new Table.Types.Row { Values = { row2 } },
                    new Table.Types.Row { Values = { row3 } }
                }
            };
        }

        // Specify the table and construct the content item.
        var contentItem = new ContentItem { Table = tableToDeidentify };

        // Construct the crypto hash config for primitive transformation using
        // transient crypto key name.
        var cryptoHashConfig1 = new CryptoHashConfig
        {
            CryptoKey = new CryptoKey
            {
                Transient = new TransientCryptoKey
                {
                    Name = transientKeyName1 ?? "[TRANSIENT-CRYPTO-KEY-1]"
                }
            }
        };

        // Construct the crypto hash config for infoType transformation using
        // transient crypto key name.
        var cryptoHashConfig2 = new CryptoHashConfig
        {
            CryptoKey = new CryptoKey
            {
                Transient = new TransientCryptoKey
                {
                    Name = transientKeyName2 ?? "[TRANSIENT-CRYPTO-KEY-2]"
                }
            }
        };

        // Construct the infoTypes by specifying the type of info to be inspected if null.
        var infotypes = infoTypes ?? new InfoType[]
        {
            new InfoType { Name = "EMAIL_ADDRESS" },
            new InfoType { Name = "PERSON_NAME" }
        };

        // Construct the deidentify config using crypto hash configs.
        var deidentifyConfig = new DeidentifyConfig
        {
            RecordTransformations = new RecordTransformations
            {
                FieldTransformations =
                {
                    new FieldTransformation
                    {
                        Fields = { new FieldId[] { new FieldId { Name = "User ID" } } },
                        PrimitiveTransformation = new PrimitiveTransformation
                        {
                            CryptoHashConfig = cryptoHashConfig1
                        }
                    },
                    new FieldTransformation
                    {
                        Fields = { new FieldId[] { new FieldId { Name = "comments" } } },
                        InfoTypeTransformations =  new InfoTypeTransformations
                        {
                            Transformations =
                            {
                                new InfoTypeTransformations.Types.InfoTypeTransformation
                                {
                                    PrimitiveTransformation = new PrimitiveTransformation
                                    {
                                        CryptoHashConfig = cryptoHashConfig2
                                    },
                                    InfoTypes = { infotypes }
                                }
                            }
                        }
                    }
                }
            }
        };

        // Construct the inspect config.
        var ins