敏感数据保护可以隐去图片中的敏感文本。敏感数据保护使用 infoType 检测器和 Cloud Vision 检查图片中的文本,检测文本中的敏感数据,然后返回图片,其中包含任何由不透明矩形遮挡的匹配敏感数据。
例如,请参考下面这两张“遮盖前”和“遮盖后”的图片。原始图片是通过扫描纸质文档生成的典型图片文件示例。在此示例中,敏感数据保护已配置为根据内容使用不同颜色的矩形遮盖美国社会保障号、电子邮件地址和电话号码。
- 图片遮盖前的扫描图片
- 图片遮盖后的扫描图片
限制和注意事项
在隐去图片中的内容时,请考虑以下几点。
支持的文件类型
敏感数据保护可以遮盖许多类型(包括 JPEG、BMP 和 PNG)中的敏感数据。如需了解详情,请参阅支持的文件类型。
SVG、PDF、XLSX、PPTX 或 DOCX 文件不支持内容隐去功能。
发现结果限制
隐去图片中的数据时,发现结果限制不适用。它们可能会导致意外或可能不一致的结果,其中只有部分数据会被遮盖。如果您在请求中包含 FindingLimits
,敏感数据保护会生成错误。
准备工作
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Enable the DLP API.
-
Create a service account:
-
In the Google Cloud console, go to the Create service account page.
Go to Create service account - Select your project.
-
In the Service account name field, enter a name. The Google Cloud console fills in the Service account ID field based on this name.
In the Service account description field, enter a description. For example,
Service account for quickstart
. - Click Create and continue.
-
Grant the Project > Owner role to the service account.
To grant the role, find the Select a role list, then select Project > Owner.
- Click Continue.
-
Click Done to finish creating the service account.
Do not close your browser window. You will use it in the next step.
-
-
Create a service account key:
- In the Google Cloud console, click the email address for the service account that you created.
- Click Keys.
- Click Add key, and then click Create new key.
- Click Create. A JSON key file is downloaded to your computer.
- Click Close.
-
Set the environment variable
GOOGLE_APPLICATION_CREDENTIALS
to the path of the JSON file that contains your credentials. This variable applies only to your current shell session, so if you open a new session, set the variable again.Example: Linux or macOS
export GOOGLE_APPLICATION_CREDENTIALS="
KEY_PATH
"Replace
KEY_PATH
with the path of the JSON file that contains your credentials.For example:
export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/service-account-file.json"
Example: Windows
For PowerShell:
$env:GOOGLE_APPLICATION_CREDENTIALS="
KEY_PATH
"Replace
KEY_PATH
with the path of the JSON file that contains your credentials.For example:
$env:GOOGLE_APPLICATION_CREDENTIALS="C:\Users\username\Downloads\service-account-file.json"
For command prompt:
set GOOGLE_APPLICATION_CREDENTIALS=
KEY_PATH
Replace
KEY_PATH
with the path of the JSON file that contains your credentials. - Install the Google Cloud CLI.
-
Configure the gcloud CLI to use your federated identity.
For more information, see Browser-based sign-in with the gcloud CLI.
-
To initialize the gcloud CLI, run the following command:
gcloud init
遮盖图片中的所有默认 infoType
如需遮盖图片中的敏感数据,请向 DLP API 的 image.redact
方法提交图片。除非您指定要搜索的特定信息类型 (infoTypes),否则敏感数据保护会搜索最常见的 infoType。
如需隐去图片中的默认 infoType,请执行以下操作:
将图片编码为 base64 字符串。
如果您打算使用某个敏感数据保护客户端库来执行此任务,请跳过此步骤。
向
image.redact
方法提交请求。如果要隐去默认 infoType,请求只需要 base64 编码的图片。
例如,请参考下面的图片:这是通过扫描纸质文档生成的典型图片文件示例。
如需遮盖图片中的默认 infoType,请向 DLP API 的 image.redact
方法发送以下请求:
C#
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
using Google.Protobuf;
using System;
using System.IO;
public class RedactSensitiveDataFromImageUsingDefaultInfoTypes
{
public static RedactImageResponse RedactImage(
string projectId,
string originalImagePath,
string redactedImagePath)
{
// Instantiate the dlp client.
var dlp = DlpServiceClient.Create();
// Construct the content item.
var byteContentItem = new ByteContentItem
{
Type = ByteContentItem.Types.BytesType.ImagePng,
Data = ByteString.FromStream(new FileStream(originalImagePath, FileMode.Open))
};
// Construct the Redact request to be sent by the client. Do not specify the type of info to redact.
var request = new RedactImageRequest
{
ParentAsLocationName = new LocationName(projectId, "global"),
ByteItem = byteContentItem
};
// Call the API.
var response = dlp.RedactImage(request);
// Inspect the response.
Console.WriteLine($"Redacted image written to: {redactedImagePath}");
// Writes redacted image into file
response.RedactedImage.WriteTo(new FileStream(redactedImagePath, FileMode.Create, FileAccess.Write));
return response;
}
}
Go
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
"io/ioutil"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// redactImageFileAllInfoTypes redact sensitive data from an image using default infoTypes.
func redactImageFileAllInfoTypes(w io.Writer, projectID, inputPath, outputPath string) error {
// projectId := "my-project-id"
// inputPath := "testdata/image.jpg"
// outputPath := "testdata/test-output-image-file-all-infoType.jpeg"
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// read the image file.
fileBytes, err := ioutil.ReadFile(inputPath)
if err != nil {
fmt.Fprintf(w, "ioutil.ReadFile: %v", err)
return err
}
// Specify the content to be redacted.
byteItem := &dlppb.ByteContentItem{
Type: dlppb.ByteContentItem_IMAGE_JPEG,
Data: fileBytes,
}
// Construct the Redact request to be sent by the client.
// Do not specify the type of info to redact.
req := &dlppb.RedactImageRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
ByteItem: byteItem,
}
// Send the request.
resp, err := client.RedactImage(ctx, req)
if err != nil {
return err
}
// Write the output file.
if err := ioutil.WriteFile(outputPath, resp.GetRedactedImage(), 0644); err != nil {
return err
}
fmt.Fprintf(w, "Wrote output to %s", outputPath)
return nil
}
Java
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.RedactImageRequest;
import com.google.privacy.dlp.v2.RedactImageResponse;
import com.google.protobuf.ByteString;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
class RedactImageFileAllInfoTypes {
public static void main(String[] args) throws IOException {
// TODO(developer): Replace these variables before running the sample.
String projectId = "my-project-id";
String inputPath = "src/test/resources/sensitive-data-image.jpeg";
String outputPath = "sensitive-data-image-redacted.jpeg";
redactImageFileAllInfoTypes(projectId, inputPath, outputPath);
}
static void redactImageFileAllInfoTypes(String projectId, String inputPath, String outputPath)
throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify the content to be redacted.
ByteString fileBytes = ByteString.readFrom(new FileInputStream(inputPath));
ByteContentItem byteItem =
ByteContentItem.newBuilder().setType(BytesType.IMAGE_JPEG).setData(fileBytes).build();
// Construct the Redact request to be sent by the client.
// Do not specify the type of info to redact.
RedactImageRequest request =
RedactImageRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setByteItem(byteItem)
.build();
// Use the client to send the API request.
RedactImageResponse response = dlp.redactImage(request);
// Parse the response and process results.
FileOutputStream redacted = new FileOutputStream(outputPath);
redacted.write(response.getRedactedImage().toByteArray());
redacted.close();
System.out.println("Redacted image written to " + outputPath);
}
}
}
Node.js
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Imports required Node.js libraries
const mime = require('mime');
const fs = require('fs');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// The path to a local file to inspect. Can be a JPG or PNG image file.
// const filepath = 'path/to/image.png';
// The local path to save the resulting image to.
// const outputPath = 'result.png';
async function redactImage() {
// Specify the content to be redacted.
const fileTypeConstant =
['image/jpeg', 'image/bmp', 'image/png', 'image/svg'].indexOf(
mime.getType(filepath)
) + 1;
const fileBytes = Buffer.from(fs.readFileSync(filepath)).toString('base64');
// Construct the Redact request to be sent by the client.
// Do not specify the type of info to redact.
const request = {
parent: `projects/${projectId}/locations/global`,
byteItem: {
type: fileTypeConstant,
data: fileBytes,
},
};
// Use the client to send the API request.
const [response] = await dlp.redactImage(request);
// Parse the response and process results.
const image = response.redactedImage;
fs.writeFileSync(outputPath, image);
console.log(`Saved image redaction results to path: ${outputPath}`);
}
redactImage();
PHP
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
use Google\Cloud\Dlp\V2\ByteContentItem;
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\RedactImageRequest;
/**
* Redact sensitive data from an image using default infoTypes.
*
* @param string $callingProjectId The project ID to run the API call under.
* @param string $imagePath The local filepath of the image to inspect.
* @param string $outputPath The local filepath to save the resulting image to.
*/
function redact_image_all_infotypes(
// TODO(developer): Replace sample parameters before running the code.
string $callingProjectId,
string $imagePath = './test/data/test.png',
string $outputPath = './test/data/redact_image_all_infotypes.png'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
// Read image file into a buffer.
$imageRef = fopen($imagePath, 'rb');
$imageBytes = fread($imageRef, filesize($imagePath));
fclose($imageRef);
// Get the image's content type.
$typeConstant = (int) array_search(
mime_content_type($imagePath),
[false, 'image/jpeg', 'image/bmp', 'image/png', 'image/svg']
);
// Create the byte-storing object.
$byteContent = (new ByteContentItem())
->setType($typeConstant)
->setData($imageBytes);
$parent = "projects/$callingProjectId/locations/global";
// Run request.
$redactImageRequest = (new RedactImageRequest())
->setParent($parent)
->setByteItem($byteContent);
$response = $dlp->redactImage($redactImageRequest);
// Save result to file.
file_put_contents($outputPath, $response->getRedactedImage());
// Print completion message.
printf('Redacted image saved to %s ' . PHP_EOL, $outputPath);
}
Python
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import google.cloud.dlp
def redact_image_all_info_types(
project: str,
filename: str,
output_filename: str,
) -> None:
"""Uses the Data Loss Prevention API to redact protected data in an image.
Args:
project: The Google Cloud project id to use as a parent resource.
filename: The path to the file to inspect.
output_filename: The path to which the redacted image will be written.
A full list of info type categories can be fetched from the API.
Returns:
None; the response from the API is printed to the terminal.
"""
# Instantiate a client.
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Construct the byte_item, containing the file's byte data.
with open(filename, mode="rb") as f:
byte_item = {"type_": google.cloud.dlp_v2.FileType.IMAGE, "data": f.read()}
# Convert the project id into a full resource id.
parent = f"projects/{project}"
# Call the API.
response = dlp.redact_image(
request={
"parent": parent,
"byte_item": byte_item,
}
)
# Write out the results.
with open(output_filename, mode="wb") as f:
f.write(response.redacted_image)
print(f"Wrote {len(response.redacted_image)} to {output_filename}")
REST
{ "byteItem": { "data": "[BASE64-ENCODED-IMAGE]", "type": "IMAGE_JPEG" } }
敏感数据保护会返回以下内容:
{ "redactedImage": "[BASE64-ENCODED-IMAGE]" }
对 base64 编码的图片进行解码。
生成的图片如下所示:
请注意,除了遮盖手写的社会保障号、电子邮件地址和手机号码之外,敏感数据保护还遮盖了年份。下一部分演示了如何仅遮盖某些 infoType。
遮盖图片中的特定 infoType
如果您只需要遮盖图片中的某些敏感数据,请指定这些数据相应的内置 infoType。
如需隐去图片中的特定 infoType,请向 DLP API 的 image.redact
方法提交请求。请求必须包含以下内容:
- 图片。
- 一个或多个 infoType 检测器。
请参考上一部分中的原始图片。如要仅遮盖美国社会保障号、电子邮件地址和电话号码,请将以下 JSON 发送到 DLP API 的 image.redact
方法:
C#
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
using Google.Protobuf;
using System;
using System.IO;
public class RedactImageWithListedInfotypes
{
public static RedactImageResponse Redact(string projectId, string originalImagePath, string redactedImagePath)
{
var request = new RedactImageRequest
{
Parent = new LocationName(projectId, "global").ToString(),
InspectConfig = new InspectConfig
{
MinLikelihood = Likelihood.Likely,
Limits = new InspectConfig.Types.FindingLimits() { MaxFindingsPerItem = 5 },
IncludeQuote = true,
InfoTypes =
{
new InfoType { Name = "PHONE_NUMBER" },
new InfoType { Name = "EMAIL_ADDRESS" }
}
},
ByteItem = new ByteContentItem
{
Type = ByteContentItem.Types.BytesType.ImagePng,
Data = ByteString.FromStream(new FileStream(originalImagePath, FileMode.Open))
},
};
var client = DlpServiceClient.Create();
var response = client.RedactImage(request);
Console.WriteLine($"Extracted text: {response.ExtractedText}");
// Writes redacted image into file
response.RedactedImage.WriteTo(new FileStream(redactedImagePath, FileMode.Create, FileAccess.Write));
return response;
}
}
Go
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
"io/ioutil"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// redactImageFileListedInfoTypes redacts only certain sensitive
// data from an image using infoTypes
func redactImageFileListedInfoTypes(w io.Writer, projectID, inputPath, outputPath string) error {
// projectId := "my-project-id"
// inputPath := "testdata/image.jpg"
// outputPath := "testdata/test-output-image-file-listed-infoTypes-redacted.jpeg"
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// read the image file
fileBytes, err := ioutil.ReadFile(inputPath)
if err != nil {
return err
}
// Specify the content to be redacted.
byteItem := &dlppb.ByteContentItem{
Type: dlppb.ByteContentItem_IMAGE_JPEG,
Data: fileBytes,
}
// Specify the types of info necessary to redact.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
infoTypes := []*dlppb.InfoType{
{Name: "US_SOCIAL_SECURITY_NUMBER"},
{Name: "EMAIL_ADDRESS"},
{Name: "PHONE_NUMBER"},
}
inspectConfig := &dlppb.InspectConfig{
InfoTypes: infoTypes,
}
// Prepare redaction configs.
var x []*dlppb.RedactImageRequest_ImageRedactionConfig
for _, v := range infoTypes {
x = append(x, &dlppb.RedactImageRequest_ImageRedactionConfig{Target: &dlppb.RedactImageRequest_ImageRedactionConfig_InfoType{InfoType: v}})
}
// Construct the Inspect request to be sent by the client.
req := &dlppb.RedactImageRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
ByteItem: byteItem,
ImageRedactionConfigs: x,
InspectConfig: inspectConfig,
}
// Send the request.
resp, err := client.RedactImage(ctx, req)
if err != nil {
return err
}
// Write the output file.
if err := ioutil.WriteFile(outputPath, resp.GetRedactedImage(), 0644); err != nil {
return err
}
fmt.Fprintf(w, "Wrote output to %s\n", outputPath)
return nil
}
Java
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.RedactImageRequest;
import com.google.privacy.dlp.v2.RedactImageRequest.ImageRedactionConfig;
import com.google.privacy.dlp.v2.RedactImageResponse;
import com.google.protobuf.ByteString;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
class RedactImageFileListedInfoTypes {
public static void main(String[] args) throws IOException {
// TODO(developer): Replace these variables before running the sample.
String projectId = "my-project-id";
String inputPath = "src/test/resources/sensitive-data-image.jpeg";
String outputPath = "sensitive-data-image-redacted.jpeg";
redactImageFileListedInfoTypes(projectId, inputPath, outputPath);
}
static void redactImageFileListedInfoTypes(String projectId, String inputPath, String outputPath)
throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify the content to be redacted.
ByteString fileBytes = ByteString.readFrom(new FileInputStream(inputPath));
ByteContentItem byteItem =
ByteContentItem.newBuilder().setType(BytesType.IMAGE_JPEG).setData(fileBytes).build();
// Specify the types of info necessary to redact.
List<InfoType> infoTypes = new ArrayList<>();
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
for (String typeName :
new String[] {"US_SOCIAL_SECURITY_NUMBER", "EMAIL_ADDRESS", "PHONE_NUMBER"}) {
infoTypes.add(InfoType.newBuilder().setName(typeName).build());
}
InspectConfig inspectConfig = InspectConfig.newBuilder().addAllInfoTypes(infoTypes).build();
// Prepare redaction configs.
List<ImageRedactionConfig> imageRedactionConfigs =
infoTypes.stream()
.map(infoType -> ImageRedactionConfig.newBuilder().setInfoType(infoType).build())
.collect(Collectors.toList());
// Construct the Redact request to be sent by the client.
RedactImageRequest request =
RedactImageRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setByteItem(byteItem)
.addAllImageRedactionConfigs(imageRedactionConfigs)
.setInspectConfig(inspectConfig)
.build();
// Use the client to send the API request.
RedactImageResponse response = dlp.redactImage(request);
// Parse the response and process results.
FileOutputStream redacted = new FileOutputStream(outputPath);
redacted.write(response.getRedactedImage().toByteArray());
redacted.close();
System.out.println("Redacted image written to " + outputPath);
}
}
}
Node.js
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Imports required Node.js libraries
const mime = require('mime');
const fs = require('fs');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// The path to a local file to inspect. Can be a JPG or PNG image file.
// const filepath = 'path/to/image.png';
// The infoTypes of information to redact
// const infoTypes = [{ name: 'EMAIL_ADDRESS' }, { name: 'PHONE_NUMBER' }];
// The local path to save the resulting image to.
// const outputPath = 'result.png';
async function redactImageWithInfoTypes() {
// Load image
const fileTypeConstant =
['image/jpeg', 'image/bmp', 'image/png', 'image/svg'].indexOf(
mime.getType(filepath)
) + 1;
const fileBytes = Buffer.from(fs.readFileSync(filepath)).toString('base64');
// Construct image redaction request
const request = {
parent: `projects/${projectId}/locations/global`,
byteItem: {
type: fileTypeConstant,
data: fileBytes,
},
inspectConfig: {
infoTypes: infoTypes,
},
imageRedactionConfigs: infoTypes.map(infoType => ({infoType: infoType})),
};
// Run image redaction request
const [response] = await dlp.redactImage(request);
const image = response.redactedImage;
fs.writeFileSync(outputPath, image);
console.log(`Saved image redaction results to path: ${outputPath}`);
}
redactImageWithInfoTypes();
PHP
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
use Google\Cloud\Dlp\V2\ByteContentItem;
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\RedactImageRequest;
use Google\Cloud\Dlp\V2\RedactImageRequest\ImageRedactionConfig;
/**
* Redact only certain sensitive data from an image using infoTypes.
*
* @param string $callingProjectId The project ID to run the API call under.
* @param string $imagePath The local filepath of the image to redact.
* @param string $outputPath The local filepath to save the resulting image to.
*/
function redact_image_listed_infotypes(
// TODO(developer): Replace sample parameters before running the code.
string $callingProjectId,
string $imagePath = './test/data/test.png',
string $outputPath = './test/data/redact_image_listed_infotypes.png'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
// Specify the types of info necessary to redact.
$infoTypes = [
(new InfoType())
->setName('US_SOCIAL_SECURITY_NUMBER'),
(new InfoType())
->setName('EMAIL_ADDRESS'),
(new InfoType())
->setName('PHONE_NUMBER'),
];
// Create the configuration object.
$inspectConfig = (new InspectConfig())
->setInfoTypes($infoTypes);
// Read image file into a buffer.
$imageRef = fopen($imagePath, 'rb');
$imageBytes = fread($imageRef, filesize($imagePath));
fclose($imageRef);
// Get the image's content type.
$typeConstant = (int) array_search(
mime_content_type($imagePath),
[false, 'image/jpeg', 'image/bmp', 'image/png', 'image/svg']
);
// Create the byte-storing object.
$byteContent = (new ByteContentItem())
->setType($typeConstant)
->setData($imageBytes);
// Create the image redaction config objects.
$imageRedactionConfigs = [];
foreach ($infoTypes as $infoType) {
$config = (new ImageRedactionConfig())
->setInfoType($infoType);
$imageRedactionConfigs[] = $config;
}
$parent = "projects/$callingProjectId/locations/global";
// Run request.
$redactImageRequest = (new RedactImageRequest())
->setParent($parent)
->setInspectConfig($inspectConfig)
->setByteItem($byteContent)
->setImageRedactionConfigs($imageRedactionConfigs);
$response = $dlp->redactImage($redactImageRequest);
// Save result to file.
file_put_contents($outputPath, $response->getRedactedImage());
// Print completion message.
printf('Redacted image saved to %s' . PHP_EOL, $outputPath);
}
Python
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import mimetypes
from typing import List, Optional
import google.cloud.dlp
def redact_image_listed_info_types(
project: str,
filename: str,
output_filename: str,
info_types: List[str],
min_likelihood: Optional[str] = None,
mime_type: Optional[str] = None,
) -> None:
"""Uses the Data Loss Prevention API to redact protected data in an image.
Args:
project: The Google Cloud project id to use as a parent resource.
filename: The path to the file to inspect.
output_filename: The path to which the redacted image will be written.
A full list of info type categories can be fetched from the API.
info_types: A list of strings representing info types to look for.
A full list of info type categories can be fetched from the API.
min_likelihood: A string representing the minimum likelihood threshold
that constitutes a match. One of: 'LIKELIHOOD_UNSPECIFIED',
'VERY_UNLIKELY', 'UNLIKELY', 'POSSIBLE', 'LIKELY', 'VERY_LIKELY'.
mime_type: The MIME type of the file. If not specified, the type is
inferred via the Python standard library's mimetypes module.
Returns:
None; the response from the API is printed to the terminal.
"""
# Instantiate a client.
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Prepare info_types by converting the list of strings into a list of
# dictionaries (protos are also accepted).
info_types = [{"name": info_type} for info_type in info_types]
# Prepare image_redaction_configs, a list of dictionaries. Each dictionary
# contains an info_type and optionally the color used for the replacement.
# The color is omitted in this sample, so the default (black) will be used.
image_redaction_configs = []
if info_types is not None:
for info_type in info_types:
image_redaction_configs.append({"info_type": info_type})
# Construct the configuration dictionary. Keys which are None may
# optionally be omitted entirely.
inspect_config = {"min_likelihood": min_likelihood, "info_types": info_types}
# If mime_type is not specified, guess it from the filename.
if mime_type is None:
mime_guess = mimetypes.MimeTypes().guess_type(filename)
mime_type = mime_guess[0] or "application/octet-stream"
# Select the content type index from the list of supported types.
supported_content_types = {
None: 0, # "Unspecified"
"image/jpeg": 1,
"image/bmp": 2,
"image/png": 3,
"image/svg": 4,
"text/plain": 5,
}
content_type_index = supported_content_types.get(mime_type, 0)
# Construct the byte_item, containing the file's byte data.
with open(filename, mode="rb") as f:
byte_item = {"type_": content_type_index, "data": f.read()}
# Convert the project id into a full resource id.
parent = f"projects/{project}"
# Call the API.
response = dlp.redact_image(
request={
"parent": parent,
"inspect_config": inspect_config,
"image_redaction_configs": image_redaction_configs,
"byte_item": byte_item,
}
)
# Write out the results.
with open(output_filename, mode="wb") as f:
f.write(response.redacted_image)
print(f"Wrote {len(response.redacted_image)} to {output_filename}")
REST
{ "byteItem": { "data": "[BASE64-ENCODED-IMAGE]", "type": "IMAGE_JPEG" }, "imageRedactionConfigs": [ { "infoType": { "name": "US_SOCIAL_SECURITY_NUMBER" } }, { "infoType": { "name": "EMAIL_ADDRESS" } }, { "infoType": { "name": "PHONE_NUMBER" } } ] }
敏感数据保护会返回以下内容:
{ "redactedImage": "[BASE64-ENCODED-IMAGE]" }
对 base64 编码的图片进行解码。
生成的图片如下所示:
如果您想一目了然地查看被遮盖的内容,可以为遮盖的 infoType 信息添加颜色。请参阅以下部分了解详情。
为图片中遮盖的 infoType 添加颜色
要为遮盖的 infoType 信息添加颜色,请将 infoType 检测器与 RGB 颜色空间值配对。
如需为图片中隐去的 infoType 添加颜色,请向 DLP API 的 image.redact
方法提交请求。请求必须包含以下内容:
- 图片。
- 一个或多个 infoType 检测器,使用 RGB 颜色空间值为每个检测器分配一种颜色。
请参考第一部分中的原始图片。要使用紫色框遮盖美国社会保障号、使用绿色框遮盖电子邮件地址以及使用橙色框遮盖电话号码,请将以下 JSON 发送到 DLP API 的 image.redact
方法:
C#
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
using Google.Protobuf;
using System;
using System.IO;
public class RedactImageWithColorCodedInfoTypes
{
public static RedactImageResponse RedactImage(
string projectId,
string originalImagePath,
string redactedImagePath)
{
// Instantiate the dlp client.
var dlp = DlpServiceClient.Create();
// Construct the content item by providing the image and its type.
var byteContentItem = new ByteContentItem
{
Type = ByteContentItem.Types.BytesType.ImagePng,
Data = ByteString.FromStream(new FileStream(originalImagePath, FileMode.Open))
};
// Define types of info and associate each one with a different color to redact config.
var ssnRedactionConfig = new RedactImageRequest.Types.ImageRedactionConfig
{
InfoType = new InfoType { Name = "US_SOCIAL_SECURITY_NUMBER" },
RedactionColor = new Color
{
Red = 0.3f,
Green = 0.1f,
Blue = 0.6f
}
};
var emailRedactionConfig = new RedactImageRequest.Types.ImageRedactionConfig
{
InfoType = new InfoType { Name = "EMAIL_ADDRESS" },
RedactionColor = new Color
{
Red = 0.5f,
Green = 0.5f,
Blue = 1f
}
};
var phoneRedactionConfig = new RedactImageRequest.Types.ImageRedactionConfig
{
InfoType = new InfoType { Name = "PHONE_NUMBER" },
RedactionColor = new Color
{
Red = 1f,
Green = 0f,
Blue = 0.6f
}
};
// Construct the Redact request to be sent by the client. Do not specify the type of info to redact.
var request = new RedactImageRequest
{
ParentAsLocationName = new LocationName(projectId, "global"),
ImageRedactionConfigs = { ssnRedactionConfig, emailRedactionConfig, phoneRedactionConfig },
ByteItem = byteContentItem
};
// Call the API.
RedactImageResponse response = dlp.RedactImage(request);
// Writes redacted image into file
response.RedactedImage.WriteTo(new FileStream(redactedImagePath, FileMode.Create, FileAccess.Write));
Console.WriteLine($"Redacted image written to: {redactedImagePath}");
return response;
}
}
Go
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
"io/ioutil"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// redactImageFileColoredInfoTypes redacts data from an image with color-coded infoTypes.
func redactImageFileColoredInfoTypes(w io.Writer, projectID, inputPath, outputPath string) error {
// projectId := "my-project-id"
// inputPath := "testdata/image.jpg"
// outputPath := "testdata/test-output-image-file-colored-infoType.jpeg"
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// read the image file
fileBytes, err := ioutil.ReadFile(inputPath)
if err != nil {
return err
}
// Specify the content to be redacted.
byteItem := &dlppb.ByteContentItem{
Type: dlppb.ByteContentItem_IMAGE_JPEG,
Data: fileBytes,
}
// Define types of info to redact associate each one with a different color.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
ssnRedactionConfig := &dlppb.RedactImageRequest_ImageRedactionConfig{
Target: &dlppb.RedactImageRequest_ImageRedactionConfig_InfoType{
InfoType: &dlppb.InfoType{
Name: "US_SOCIAL_SECURITY_NUMBER",
},
},
RedactionColor: &dlppb.Color{
Red: 0.3,
Green: 0.1,
Blue: 0.6,
},
}
emailRedactionConfig := &dlppb.RedactImageRequest_ImageRedactionConfig{
Target: &dlppb.RedactImageRequest_ImageRedactionConfig_InfoType{
InfoType: &dlppb.InfoType{
Name: "EMAIL_ADDRESS",
},
},
RedactionColor: &dlppb.Color{
Red: 0.5,
Green: 0.5,
Blue: 1,
},
}
phoneRedactionConfig := &dlppb.RedactImageRequest_ImageRedactionConfig{
Target: &dlppb.RedactImageRequest_ImageRedactionConfig_InfoType{
InfoType: &dlppb.InfoType{
Name: "PHONE_NUMBER",
},
},
RedactionColor: &dlppb.Color{
Red: 1,
Green: 0,
Blue: 0.6,
},
}
// Construct the Inspect request to be sent by the client.
req := &dlppb.RedactImageRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
ByteItem: byteItem,
ImageRedactionConfigs: []*dlppb.RedactImageRequest_ImageRedactionConfig{
emailRedactionConfig,
phoneRedactionConfig,
ssnRedactionConfig,
},
}
// Send the request.
resp, err := client.RedactImage(ctx, req)
if err != nil {
return err
}
// Write the output file.
if err := ioutil.WriteFile(outputPath, resp.GetRedactedImage(), 0644); err != nil {
return err
}
fmt.Fprintf(w, "Wrote output to %s", outputPath)
return nil
}
Java
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.Color;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.RedactImageRequest;
import com.google.privacy.dlp.v2.RedactImageRequest.ImageRedactionConfig;
import com.google.privacy.dlp.v2.RedactImageResponse;
import com.google.protobuf.ByteString;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
class RedactImageFileColoredInfoTypes {
public static void main(String[] args) throws IOException {
// TODO(developer): Replace these variables before running the sample.
String projectId = "my-project-id";
String inputPath = "src/test/resources/test.png";
String outputPath = "redacted.png";
redactImageFileColoredInfoTypes(projectId, inputPath, outputPath);
}
static void redactImageFileColoredInfoTypes(String projectId, String inputPath, String outputPath)
throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify the content to be redacted.
ByteString fileBytes = ByteString.readFrom(new FileInputStream(inputPath));
ByteContentItem byteItem =
ByteContentItem.newBuilder().setType(BytesType.IMAGE_JPEG).setData(fileBytes).build();
// Define types of info to redact associate each one with a different color.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
ImageRedactionConfig ssnRedactionConfig =
ImageRedactionConfig.newBuilder()
.setInfoType(InfoType.newBuilder().setName("US_SOCIAL_SECURITY_NUMBER").build())
.setRedactionColor(Color.newBuilder().setRed(.3f).setGreen(.1f).setBlue(.6f).build())
.build();
ImageRedactionConfig emailRedactionConfig =
ImageRedactionConfig.newBuilder()
.setInfoType(InfoType.newBuilder().setName("EMAIL_ADDRESS").build())
.setRedactionColor(Color.newBuilder().setRed(.5f).setGreen(.5f).setBlue(1).build())
.build();
ImageRedactionConfig phoneRedactionConfig =
ImageRedactionConfig.newBuilder()
.setInfoType(InfoType.newBuilder().setName("PHONE_NUMBER").build())
.setRedactionColor(Color.newBuilder().setRed(1).setGreen(0).setBlue(.6f).build())
.build();
// Create collection of all redact configurations.
List<ImageRedactionConfig> imageRedactionConfigs =
Arrays.asList(ssnRedactionConfig, emailRedactionConfig, phoneRedactionConfig);
// List types of info to search for.
InspectConfig config =
InspectConfig.newBuilder()
.addAllInfoTypes(
imageRedactionConfigs.stream()
.map(ImageRedactionConfig::getInfoType)
.collect(Collectors.toList()))
.build();
// Construct the Redact request to be sent by the client.
RedactImageRequest request =
RedactImageRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setByteItem(byteItem)
.addAllImageRedactionConfigs(imageRedactionConfigs)
.setInspectConfig(config)
.build();
// Use the client to send the API request.
RedactImageResponse response = dlp.redactImage(request);
// Parse the response and process results.
FileOutputStream redacted = new FileOutputStream(outputPath);
redacted.write(response.getRedactedImage().toByteArray());
redacted.close();
System.out.println("Redacted image written to " + outputPath);
}
}
}
Node.js
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Imports required Node.js libraries
const mime = require('mime');
const fs = require('fs');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// The path to a local file to inspect. Can be a JPG or PNG image file.
// const filepath = 'path/to/image.png';
// The local path to save the resulting image to.
// const outputPath = 'result.png';
async function redactImageColoredInfoType() {
// Define types of info to redact associate each one with a different color.
const imageRedactionConfigs = [
{
infoType: {name: 'US_SOCIAL_SECURITY_NUMBER'},
redactionColor: {red: 0.3, green: 0.1, blue: 0.6},
},
{
infoType: {name: 'EMAIL_ADDRESS'},
redactionColor: {red: 0.5, green: 0.5, blue: 1},
},
{
infoType: {name: 'PHONE_NUMBER'},
redactionColor: {red: 1, green: 0, blue: 0.6},
},
];
// Load image
const fileTypeConstant =
['image/jpeg', 'image/bmp', 'image/png', 'image/svg'].indexOf(
mime.getType(filepath)
) + 1;
const fileBytes = Buffer.from(fs.readFileSync(filepath)).toString('base64');
// Construct the Redact request to be sent by the client.
const request = {
parent: `projects/${projectId}/locations/global`,
byteItem: {
type: fileTypeConstant,
data: fileBytes,
},
imageRedactionConfigs: imageRedactionConfigs,
};
// Send the request and receive response from the service.
const [response] = await dlp.redactImage(request);
const image = response.redactedImage;
fs.writeFileSync(outputPath, image);
console.log(`Saved image redaction results to path: ${outputPath}`);
}
redactImageColoredInfoType();
PHP
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
use Google\Cloud\Dlp\V2\ByteContentItem;
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\Color;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\RedactImageRequest;
use Google\Cloud\Dlp\V2\RedactImageRequest\ImageRedactionConfig;
/**
* Redact data from an image with color-coded infoTypes.
*
* @param string $callingProjectId The project ID to run the API call under.
* @param string $imagePath The local filepath of the image to inspect.
* @param string $outputPath The local filepath to save the resulting image to.
*/
function redact_image_colored_infotypes(
// TODO(developer): Replace sample parameters before running the code.
string $callingProjectId,
string $imagePath = './test/data/test.png',
string $outputPath = './test/data/sensitive-data-image-redacted-color-coding.png'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
// Read image file into a buffer.
$imageRef = fopen($imagePath, 'rb');
$imageBytes = fread($imageRef, filesize($imagePath));
fclose($imageRef);
// Get the image's content type.
$typeConstant = (int) array_search(
mime_content_type($imagePath),
[false, 'image/jpeg', 'image/bmp', 'image/png', 'image/svg']
);
// Create the byte-storing object.
$byteContent = (new ByteContentItem())
->setType($typeConstant)
->setData($imageBytes);
// Define the types of information to redact and associate each one with a different color.
$ssnInfotype = (new InfoType())
->setName('US_SOCIAL_SECURITY_NUMBER');
$emailInfotype = (new InfoType())
->setName('EMAIL_ADDRESS');
$phoneInfotype = (new InfoType())
->setName('PHONE_NUMBER');
$infotypes = [$ssnInfotype, $emailInfotype, $phoneInfotype];
$ssnRedactionConfig = (new ImageRedactionConfig())
->setInfoType($ssnInfotype)
->setRedactionColor((new Color())
->setRed(.3)
->setGreen(.1)
->setBlue(.6));
$emailRedactionConfig = (new ImageRedactionConfig())
->setInfoType($emailInfotype)
->setRedactionColor((new Color())
->setRed(.5)
->setGreen(.5)
->setBlue(1));
$phoneRedactionConfig = (new ImageRedactionConfig())
->setInfoType($phoneInfotype)
->setRedactionColor((new Color())
->setRed(1)
->setGreen(0)
->setBlue(.6));
$imageRedactionConfigs = [$ssnRedactionConfig, $emailRedactionConfig, $phoneRedactionConfig];
// Create the configuration object.
$inspectConfig = (new InspectConfig())
->setInfoTypes($infotypes);
$parent = "projects/$callingProjectId/locations/global";
// Run request.
$redactImageRequest = (new RedactImageRequest())
->setParent($parent)
->setByteItem($byteContent)
->setInspectConfig($inspectConfig)
->setImageRedactionConfigs($imageRedactionConfigs);
$response = $dlp->redactImage($redactImageRequest);
// Save result to file.
file_put_contents($outputPath, $response->getRedactedImage());
// Print completion message.
printf('Redacted image saved to %s ' . PHP_EOL, $outputPath);
}
Python
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import google.cloud.dlp
def redact_image_with_colored_info_types(
project: str,
filename: str,
output_filename: str,
) -> None:
"""Uses the Data Loss Prevention API to redact protected data in an image by
color coding the infoTypes.
Args:
project: The Google Cloud project id to use as a parent resource.
filename: The path of the image file to inspect.
output_filename: The path to which the redacted image will be written.
"""
# Instantiate a client.
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Prepare image_redaction_configs, a list of dictionaries. Each dictionary
# contains an infoType and the color used for the replacement.
ssn_redaction_config = {
"info_type": {"name": "US_SOCIAL_SECURITY_NUMBER"},
"redaction_color": {
"red": 0.3,
"green": 0.1,
"blue": 0.6,
},
}
email_redaction_config = {
"info_type": {"name": "EMAIL_ADDRESS"},
"redaction_color": {
"red": 0.5,
"green": 0.5,
"blue": 1.0,
},
}
phone_redaction_config = {
"info_type": {"name": "PHONE_NUMBER"},
"redaction_color": {
"red": 1.0,
"green": 0.0,
"blue": 0.6,
},
}
image_redaction_configs = [
ssn_redaction_config,
email_redaction_config,
phone_redaction_config,
]
# Construct the configuration dictionary.
inspect_config = {"info_types": [_i["info_type"] for _i in image_redaction_configs]}
# Construct the byte_item, containing the file's byte data.
with open(filename, mode="rb") as f:
byte_item = {"type_": "IMAGE", "data": f.read()}
# Convert the project id into a full resource id.
parent = f"projects/{project}"
# Call the API.
response = dlp.redact_image(
request={
"parent": parent,
"inspect_config": inspect_config,
"image_redaction_configs": image_redaction_configs,
"byte_item": byte_item,
}
)
# Write out the results.
with open(output_filename, mode="wb") as f:
f.write(response.redacted_image)
byte_count = len(response.redacted_image)
print(f"Wrote {byte_count} to {output_filename}")
REST
{ "byteItem": { "data": "[BASE64-ENCODED-IMAGE]", "type": "IMAGE_JPEG" }, "imageRedactionConfigs": [ { "infoType": { "name": "US_SOCIAL_SECURITY_NUMBER" }, "redactionColor": { "red": 0.3, "green": 0.1, "blue": 0.6 } }, { "infoType": { "name": "EMAIL_ADDRESS" }, "redactionColor": { "red": 0.5, "blue": 0.5, "green": 1 } }, { "infoType": { "name": "PHONE_NUMBER" }, "redactionColor": { "red": 1, "blue": 0, "green": 0.6 } } ] }
敏感数据保护会返回以下内容:
{ "redactedImage": "[BASE64-ENCODED-IMAGE]" }
对 base64 编码的图片进行解码。
生成的图片如下所示:
遮盖图片中的所有文本
敏感数据保护还包含一个选项,用于隐去图片中检测到的所有文本。
如需隐去图片中的所有文本,请向 DLP API 的 image.redact
方法提交请求。请求必须包含以下内容:
- 图片。
- 将
redactAllText
选项设置为true
。
请参考第一部分中的原始图片。要遮盖所有文本,请将以下 JSON 发送到 DLP API 的 image.redact
方法:
C#
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
using Google.Protobuf;
using System;
using System.IO;
public class RedactDetectedTextInImage
{
public static RedactImageResponse RedactTextImage(
string projectId,
string originalImagePath,
string redactedImagePath)
{
// Instantiate the dlp client.
var dlp = DlpServiceClient.Create();
// Construct the content item by specifying the content to be redacted.
var byteContentItem = new ByteContentItem
{
Type = ByteContentItem.Types.BytesType.ImagePng,
Data = ByteString.FromStream(new FileStream(originalImagePath, FileMode.Open))
};
// Enable redaction of all text.
var imageRedactionConfig = new RedactImageRequest.Types.ImageRedactionConfig
{
RedactAllText = true
};
// Construct the Redact request to be sent by the client. Do not specify the type of info to redact.
var request = new RedactImageRequest
{
ParentAsLocationName = new LocationName(projectId, "global"),
ImageRedactionConfigs = { imageRedactionConfig },
ByteItem = byteContentItem
};
// Call the API.
var response = dlp.RedactImage(request);
// Inspect the response.
Console.WriteLine($"Redacted image written to: {redactedImagePath}");
// Writes redacted image into file
response.RedactedImage.WriteTo(new FileStream(redactedImagePath, FileMode.Create, FileAccess.Write));
return response;
}
}
Go
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
"io/ioutil"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// redactImageFileAllText redacts all detected text in an image
func redactImageFileAllText(w io.Writer, projectID, inputPath, outputPath string) error {
// projectId := "my-project-id"
// inputPath := "testdata/image.jpg"
// outputPath := "testdata/test-output-image-file-all-text.jpeg"
ctx := context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client, err := dlp.NewClient(ctx)
if err != nil {
return err
}
// Closing the client safely cleans up background resources.
defer client.Close()
// read the image file
fileBytes, err := ioutil.ReadFile(inputPath)
if err != nil {
return err
}
// Specify the content to be redacted.
byteItem := &dlppb.ByteContentItem{
Type: dlppb.ByteContentItem_IMAGE_JPEG,
Data: fileBytes,
}
// Enable redaction of all text.
imageRedactConfig := &dlppb.RedactImageRequest_ImageRedactionConfig{
Target: &dlppb.RedactImageRequest_ImageRedactionConfig_RedactAllText{
RedactAllText: true,
},
}
// Construct the Redact request to be sent by the client.
// Do not specify the type of info to redact.
req := &dlppb.RedactImageRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
ByteItem: byteItem,
ImageRedactionConfigs: []*dlppb.RedactImageRequest_ImageRedactionConfig{
imageRedactConfig,
},
}
// Send the request.
resp, err := client.RedactImage(ctx, req)
if err != nil {
return err
}
// Write the output file.
if err := ioutil.WriteFile(outputPath, resp.GetRedactedImage(), 0644); err != nil {
return err
}
fmt.Fprintf(w, "Wrote output to %s", outputPath)
return nil
}
Java
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.RedactImageRequest;
import com.google.privacy.dlp.v2.RedactImageRequest.ImageRedactionConfig;
import com.google.privacy.dlp.v2.RedactImageResponse;
import com.google.protobuf.ByteString;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
class RedactImageFileAllText {
public static void main(String[] args) throws IOException {
// TODO(developer): Replace these variables before running the sample.
String projectId = "my-project-id";
String inputPath = "src/test/resources/sensitive-data-image.jpeg";
String outputPath = "sensitive-data-image-redacted.jpeg";
redactImageFileAllText(projectId, inputPath, outputPath);
}
static void redactImageFileAllText(String projectId, String inputPath, String outputPath)
throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify the content to be redacted.
ByteString fileBytes = ByteString.readFrom(new FileInputStream(inputPath));
ByteContentItem byteItem =
ByteContentItem.newBuilder().setType(BytesType.IMAGE_JPEG).setData(fileBytes).build();
// Enable redaction of all text.
ImageRedactionConfig imageRedactionConfig =
ImageRedactionConfig.newBuilder().setRedactAllText(true).build();
// Construct the Redact request to be sent by the client.
// Do not specify the type of info to redact.
RedactImageRequest request =
RedactImageRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setByteItem(byteItem)
.addImageRedactionConfigs(imageRedactionConfig)
.build();
// Use the client to send the API request.
RedactImageResponse response = dlp.redactImage(request);
// Parse the response and process results.
FileOutputStream redacted = new FileOutputStream(outputPath);
redacted.write(response.getRedactedImage().toByteArray());
redacted.close();
System.out.println("Redacted image written to " + outputPath);
}
}
}
Node.js
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Imports required Node.js libraries
const mime = require('mime');
const fs = require('fs');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// The path to a local file to inspect. Can be a JPG or PNG image file.
// const filepath = 'path/to/image.png';
// The local path to save the resulting image to.
// const outputPath = 'result.png';
async function redactImageAllText() {
// Enable redaction of all text.
const imageRedactionConfigs = [{redactAllText: true}];
// Load image
const fileTypeConstant =
['image/jpeg', 'image/bmp', 'image/png', 'image/svg'].indexOf(
mime.getType(filepath)
) + 1;
const fileBytes = Buffer.from(fs.readFileSync(filepath)).toString('base64');
// Construct the Redact request to be sent by the client.
// Do not specify the type of info to redact.
const request = {
parent: `projects/${projectId}/locations/global`,
byteItem: {
type: fileTypeConstant,
data: fileBytes,
},
imageRedactionConfigs: imageRedactionConfigs,
};
// Run image redaction request
const [response] = await dlp.redactImage(request);
// Parse the response and process results.
const image = response.redactedImage;
fs.writeFileSync(outputPath, image);
console.log(`Saved image redaction results to path: ${outputPath}`);
}
redactImageAllText();
PHP
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
use Google\Cloud\Dlp\V2\ByteContentItem;
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\RedactImageRequest;
use Google\Cloud\Dlp\V2\RedactImageRequest\ImageRedactionConfig;
/**
* Redact all detected text in an image.
*
* @param string $callingProjectId The project ID to run the API call under.
* @param string $imagePath The local filepath of the image to redact.
* @param string $outputPath The local filepath to save the resulting image to.
*/
function redact_image_all_text(
// TODO(developer): Replace sample parameters before running the code.
string $callingProjectId,
string $imagePath = './test/data/test.png',
string $outputPath = './test/data/redact_image_all_text.png'
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
// Read image file into a buffer.
$imageRef = fopen($imagePath, 'rb');
$imageBytes = fread($imageRef, filesize($imagePath));
fclose($imageRef);
// Get the image's content type.
$typeConstant = (int) array_search(
mime_content_type($imagePath),
[false, 'image/jpeg', 'image/bmp', 'image/png', 'image/svg']
);
// Create the byte-storing object.
$byteContent = (new ByteContentItem())
->setType($typeConstant)
->setData($imageBytes);
// Enable redaction of all text.
$imageRedactionConfig = (new ImageRedactionConfig())
->setRedactAllText(true);
$parent = "projects/$callingProjectId/locations/global";
// Run request.
$redactImageRequest = (new RedactImageRequest())
->setParent($parent)
->setByteItem($byteContent)
->setImageRedactionConfigs([$imageRedactionConfig]);
$response = $dlp->redactImage($redactImageRequest);
// Save result to file.
file_put_contents($outputPath, $response->getRedactedImage());
// Print completion message.
printf('Redacted image saved to %s' . PHP_EOL, $outputPath);
}
Python
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import google.cloud.dlp
def redact_image_all_text(
project: str,
filename: str,
output_filename: str,
) -> None:
"""Uses the Data Loss Prevention API to redact all text in an image.
Args:
project: The Google Cloud project id to use as a parent resource.
filename: The path to the file to inspect.
output_filename: The path to which the redacted image will be written.
Returns:
None; the response from the API is printed to the terminal.
"""
# Instantiate a client.
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Construct the image_redaction_configs, indicating to DLP that all text in
# the input image should be redacted.
image_redaction_configs = [{"redact_all_text": True}]
# Construct the byte_item, containing the file's byte data.
with open(filename, mode="rb") as f:
byte_item = {"type_": google.cloud.dlp_v2.FileType.IMAGE, "data": f.read()}
# Convert the project id into a full resource id.
parent = f"projects/{project}"
# Call the API.
response = dlp.redact_image(
request={
"parent": parent,
"image_redaction_configs": image_redaction_configs,
"byte_item": byte_item,
}
)
# Write out the results.
with open(output_filename, mode="wb") as f:
f.write(response.redacted_image)
print(
"Wrote {byte_count} to {filename}".format(
byte_count=len(response.redacted_image), filename=output_filename
)
)
REST
{ "byteItem": { "data": "[BASE64-ENCODED-IMAGE]", "type": "IMAGE_JPEG" }, "imageRedactionConfigs": [ { "redactAllText": true } ] }
敏感数据保护会返回以下内容:
{ "redactedImage": "[BASE64-ENCODED-IMAGE]" }
对 base64 编码的图片进行解码。
此 API 会以相同格式返回您所提供的图片,但会遮盖根据您的标准识别为包含敏感信息的所有文本。
生成的图片如下所示:
包含可能性设置的代码示例
此示例与隐去图片中的特定 infoType 类似。此外,还演示了如何指定最小可能性。
C#
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
using Google.Protobuf;
using System;
using System.IO;
public class RedactImage
{
public static RedactImageResponse Redact(string projectId, string originalImagePath, string redactedImagePath)
{
var request = new RedactImageRequest
{
Parent = new LocationName(projectId, "global").ToString(),
InspectConfig = new InspectConfig
{
MinLikelihood = Likelihood.Likely,
IncludeQuote = true,
InfoTypes =
{
new InfoType { Name = "PHONE_NUMBER" },
new InfoType { Name = "EMAIL_ADDRESS" },
new InfoType { Name = "CREDIT_CARD_NUMBER" }
}
},
ByteItem = new ByteContentItem
{
Type = ByteContentItem.Types.BytesType.ImagePng,
Data = ByteString.FromStream(new FileStream(originalImagePath, FileMode.Open))
},
};
var client = DlpServiceClient.Create();
var response = client.RedactImage(request);
Console.WriteLine($"Extracted text: {response.ExtractedText}");
// Writes redacted image into file
response.RedactedImage.WriteTo(new FileStream(redactedImagePath, FileMode.Create, FileAccess.Write));
return response;
}
}
Go
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
"io/ioutil"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// redactImage blacks out the identified portions of the input image (with type bytesType)
// and stores the result in outputPath.
func redactImage(w io.Writer, projectID string, infoTypeNames []string, bytesType dlppb.ByteContentItem_BytesType, inputPath, outputPath string) error {
// projectID := "my-project-id"
// infoTypeNames := []string{"US_SOCIAL_SECURITY_NUMBER"}
// bytesType := dlppb.ByteContentItem_IMAGE_PNG
// inputPath := /tmp/input
// outputPath := /tmp/output
ctx := context.Background()
client, err := dlp.NewClient(ctx)
if err != nil {
return fmt.Errorf("dlp.NewClient: %w", err)
}
defer client.Close()
// Convert the info type strings to a list of InfoTypes.
var infoTypes []*dlppb.InfoType
for _, it := range infoTypeNames {
infoTypes = append(infoTypes, &dlppb.InfoType{Name: it})
}
// Convert the info type strings to a list of types to redact in the image.
var redactInfoTypes []*dlppb.RedactImageRequest_ImageRedactionConfig
for _, it := range infoTypeNames {
redactInfoTypes = append(redactInfoTypes, &dlppb.RedactImageRequest_ImageRedactionConfig{
Target: &dlppb.RedactImageRequest_ImageRedactionConfig_InfoType{
InfoType: &dlppb.InfoType{Name: it},
},
})
}
// Read the input file.
b, err := ioutil.ReadFile(inputPath)
if err != nil {
return fmt.Errorf("ioutil.ReadFile: %w", err)
}
// Create a configured request.
req := &dlppb.RedactImageRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
InspectConfig: &dlppb.InspectConfig{
InfoTypes: infoTypes,
MinLikelihood: dlppb.Likelihood_POSSIBLE,
},
// The item to analyze.
ByteItem: &dlppb.ByteContentItem{
Type: bytesType,
Data: b,
},
ImageRedactionConfigs: redactInfoTypes,
}
// Send the request.
resp, err := client.RedactImage(ctx, req)
if err != nil {
return fmt.Errorf("RedactImage: %w", err)
}
// Write the output file.
if err := ioutil.WriteFile(outputPath, resp.GetRedactedImage(), 0644); err != nil {
return fmt.Errorf("ioutil.WriteFile: %w", err)
}
fmt.Fprintf(w, "Wrote output to %s", outputPath)
return nil
}
Java
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.ByteContentItem;
import com.google.privacy.dlp.v2.ByteContentItem.BytesType;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.Likelihood;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.RedactImageRequest;
import com.google.privacy.dlp.v2.RedactImageResponse;
import com.google.protobuf.ByteString;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
class RedactImageFile {
public static void main(String[] args) throws IOException {
// TODO(developer): Replace these variables before running the sample.
String projectId = "my-project-id";
String inputPath = "src/test/resources/test.png";
String outputPath = "redacted.png";
redactImageFile(projectId, inputPath, outputPath);
}
static void redactImageFile(String projectId, String inputPath, String outputPath)
throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlp = DlpServiceClient.create()) {
// Specify the content to be inspected.
ByteString fileBytes = ByteString.readFrom(new FileInputStream(inputPath));
ByteContentItem byteItem =
ByteContentItem.newBuilder().setType(BytesType.IMAGE).setData(fileBytes).build();
// Specify the type of info and likelihood necessary to redact.
List<InfoType> infoTypes = new ArrayList<>();
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
for (String typeName : new String[] {"PHONE_NUMBER", "EMAIL_ADDRESS", "CREDIT_CARD_NUMBER"}) {
infoTypes.add(InfoType.newBuilder().setName(typeName).build());
}
InspectConfig config =
InspectConfig.newBuilder()
.addAllInfoTypes(infoTypes)
.setMinLikelihood(Likelihood.LIKELY)
.build();
// Construct the Redact request to be sent by the client.
RedactImageRequest request =
RedactImageRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setByteItem(byteItem)
.setInspectConfig(config)
.build();
// Use the client to send the API request.
RedactImageResponse response = dlp.redactImage(request);
// Parse the response and process results.
FileOutputStream redacted = new FileOutputStream(outputPath);
redacted.write(response.getRedactedImage().toByteArray());
redacted.close();
System.out.println("Redacted image written to " + outputPath);
}
}
}
Node.js
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Imports required Node.js libraries
const mime = require('mime');
const fs = require('fs');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// The path to a local file to inspect. Can be a JPG or PNG image file.
// const filepath = 'path/to/image.png';
// The minimum likelihood required before redacting a match
// const minLikelihood = 'LIKELIHOOD_UNSPECIFIED';
// The infoTypes of information to redact
// const infoTypes = [{ name: 'EMAIL_ADDRESS' }, { name: 'PHONE_NUMBER' }];
// The local path to save the resulting image to.
// const outputPath = 'result.png';
async function redactImage() {
const imageRedactionConfigs = infoTypes.map(infoType => {
return {infoType: infoType};
});
// Load image
const fileTypeConstant =
['image/jpeg', 'image/bmp', 'image/png', 'image/svg'].indexOf(
mime.getType(filepath)
) + 1;
const fileBytes = Buffer.from(fs.readFileSync(filepath)).toString('base64');
// Construct image redaction request
const request = {
parent: `projects/${projectId}/locations/global`,
byteItem: {
type: fileTypeConstant,
data: fileBytes,
},
inspectConfig: {
minLikelihood: minLikelihood,
infoTypes: infoTypes,
},
imageRedactionConfigs: imageRedactionConfigs,
};
// Run image redaction request
const [response] = await dlp.redactImage(request);
const image = response.redactedImage;
fs.writeFileSync(outputPath, image);
console.log(`Saved image redaction results to path: ${outputPath}`);
}
redactImage();
PHP
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
use Google\Cloud\Dlp\V2\ByteContentItem;
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\Likelihood;
use Google\Cloud\Dlp\V2\RedactImageRequest;
use Google\Cloud\Dlp\V2\RedactImageRequest\ImageRedactionConfig;
/**
* Redact sensitive data from an image.
*
* @param string $callingProjectId The project ID to run the API call under
* @param string $imagePath The local filepath of the image to inspect
* @param string $outputPath The local filepath to save the resulting image to
*/
function redact_image(
string $callingProjectId,
string $imagePath,
string $outputPath
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
// The infoTypes of information to match
$phoneNumberInfoType = (new InfoType())
->setName('PHONE_NUMBER');
$infoTypes = [$phoneNumberInfoType];
// The minimum likelihood required before returning a match
$minLikelihood = likelihood::LIKELIHOOD_UNSPECIFIED;
// Whether to include the matching string in the response
$includeQuote = true;
// Create the configuration object
$inspectConfig = (new InspectConfig())
->setMinLikelihood($minLikelihood)
->setInfoTypes($infoTypes);
// Read image file into a buffer
$imageRef = fopen($imagePath, 'rb');
$imageBytes = fread($imageRef, filesize($imagePath));
fclose($imageRef);
// Get the image's content type
$typeConstant = (int) array_search(
mime_content_type($imagePath),
[false, 'image/jpeg', 'image/bmp', 'image/png', 'image/svg']
);
// Create the byte-storing object
$byteContent = (new ByteContentItem())
->setType($typeConstant)
->setData($imageBytes);
// Create the image redaction config objects
$imageRedactionConfigs = [];
foreach ($infoTypes as $infoType) {
$config = (new ImageRedactionConfig())
->setInfoType($infoType);
$imageRedactionConfigs[] = $config;
}
$parent = "projects/$callingProjectId/locations/global";
// Run request
$redactImageRequest = (new RedactImageRequest())
->setParent($parent)
->setInspectConfig($inspectConfig)
->setByteItem($byteContent)
->setImageRedactionConfigs($imageRedactionConfigs);
$response = $dlp->redactImage($redactImageRequest);
// Save result to file
file_put_contents($outputPath, $response->getRedactedImage());
// Print completion message
print('Redacted image saved to ' . $outputPath . PHP_EOL);
}
Python
如需了解如何安装和使用用于敏感数据保护的客户端库,请参阅敏感数据保护客户端库。
如需向敏感数据保护服务进行身份验证,请设置应用默认凭据。如需了解详情,请参阅为本地开发环境设置身份验证。
import mimetypes
from typing import List
import google.cloud.dlp
def redact_image(
project: str,
filename: str,
output_filename: str,
info_types: List[str],
min_likelihood: str = None,
mime_type: str = None,
) -> None:
"""Uses the Data Loss Prevention API to redact protected data in an image.
Args:
project: The Google Cloud project id to use as a parent resource.
filename: The path to the file to inspect.
output_filename: The path to which the redacted image will be written.
info_types: A list of strings representing info types to look for.
A full list of info type categories can be fetched from the API.
min_likelihood: A string representing the minimum likelihood threshold
that constitutes a match. One of: 'LIKELIHOOD_UNSPECIFIED',
'VERY_UNLIKELY', 'UNLIKELY', 'POSSIBLE', 'LIKELY', 'VERY_LIKELY'.
mime_type: The MIME type of the file. If not specified, the type is
inferred via the Python standard library's mimetypes module.
Returns:
None; the response from the API is printed to the terminal.
"""
# Instantiate a client.
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Prepare info_types by converting the list of strings into a list of
# dictionaries (protos are also accepted).
info_types = [{"name": info_type} for info_type in info_types]
# Prepare image_redaction_configs, a list of dictionaries. Each dictionary
# contains an info_type and optionally the color used for the replacement.
# The color is omitted in this sample, so the default (black) will be used.
image_redaction_configs = []
if info_types is not None:
for info_type in info_types:
image_redaction_configs.append({"info_type": info_type})
# Construct the configuration dictionary. Keys which are None may
# optionally be omitted entirely.
inspect_config = {
"min_likelihood": min_likelihood,
"info_types": info_types,
}
# If mime_type is not specified, guess it from the filename.
if mime_type is None:
mime_guess = mimetypes.MimeTypes().guess_type(filename)
mime_type = mime_guess[0] or "application/octet-stream"
# Select the content type index from the list of supported types.
supported_content_types = {
None: 0, # "Unspecified"
"image/jpeg": 1,
"image/bmp": 2,
"image/png": 3,
"image/svg": 4,
"text/plain": 5,
}
content_type_index = supported_content_types.get(mime_type, 0)
# Construct the byte_item, containing the file's byte data.
with open(filename, mode="rb") as f:
byte_item = {"type_": content_type_index, "data": f.read()}
# Convert the project id into a full resource id.
parent = f"projects/{project}"
# Call the API.
response = dlp.redact_image(
request={
"parent": parent,
"inspect_config": inspect_config,
"image_redaction_configs": image_redaction_configs,
"byte_item": byte_item,
}
)
# Write out the results.
with open(output_filename, mode="wb") as f:
f.write(response.redacted_image)
print(
"Wrote {byte_count} to {filename}".format(
byte_count=len(response.redacted_image), filename=output_filename
)
)
试试看
您可以在 API Explorer 的 image.redact
参考页面上自行尝试本页中的每个示例,或使用您自己的图片尝试这些操作:
后续步骤
- 详细了解图片检查和遮盖。
- 完成使用敏感数据保护遮盖敏感数据 Codelab。
- 了解如何检查图片是否存在敏感数据。
- 详细了解如何在存储空间中创建去标识化的数据副本。