Cloud Data Loss Prevention (Cloud DLP) is now a part of Sensitive Data Protection. The API name remains the same: Cloud Data Loss Prevention API (DLP API). For information about the services that make up Sensitive Data Protection, see Sensitive Data Protection overview.

REST Resource: organizations.locations.connections

Resource: Connection
Methods

Resource: Connection

A data connection to allow the DLP API to profile data in locations that require additional configuration.

JSON representation

JSON representation
{ "name": string, "state": enum (`ConnectionState`), "errors": [ { object (`Error`) } ], // Union field `properties` can be only one of the following: "cloudSql": { object (`CloudSqlProperties`) } // End of list of possible types for union field `properties`. }

{
  "name": string,
  "state": enum (ConnectionState),
  "errors": [
    {
      object (Error)
    }
  ],

  // Union field properties can be only one of the following:
  "cloudSql": {
    object (CloudSqlProperties)
  }
  // End of list of possible types for union field properties.
}

Fields
`name`	`string` Output only. Name of the connection: `projects/{project}/locations/{location}/connections/{name}`.
`state`	`enum (ConnectionState)` Required. The connection's state in its lifecycle.
`errors[]`	`object (Error)` Output only. Set if status == ERROR, to provide additional details. Will store the last 10 errors sorted with the most recent first.
Union field `properties`. Type of connection. `properties` can be only one of the following:
`cloudSql`	`object (CloudSqlProperties)` Connect to a Cloud SQL instance.

ConnectionState

State of the connection. New values may be added over time.

Enums
`CONNECTION_STATE_UNSPECIFIED`	Unused
`MISSING_CREDENTIALS`	The DLP API automatically created this connection during an initial scan, and it is awaiting full configuration by a user.
`AVAILABLE`	A configured connection that has not encountered any errors.
`ERROR`	A configured connection that encountered errors during its last use. It will not be used again until it is set to AVAILABLE. If the resolution requires external action, then the client must send a request to set the status to AVAILABLE when the connection is ready for use. If the resolution doesn't require external action, then any changes to the connection properties will automatically mark it as AVAILABLE.

CloudSqlProperties

Cloud SQL connection properties.

JSON representation

JSON representation
{ "connectionName": string, "maxConnections": integer, "databaseEngine": enum (`DatabaseEngine`), // Union field `credential` can be only one of the following: "usernamePassword": { object (`SecretManagerCredential`) }, "cloudSqlIam": { object (`CloudSqlIamCredential`) } // End of list of possible types for union field `credential`. }

{
  "connectionName": string,
  "maxConnections": integer,
  "databaseEngine": enum (DatabaseEngine),

  // Union field credential can be only one of the following:
  "usernamePassword": {
    object (SecretManagerCredential)
  },
  "cloudSqlIam": {
    object (CloudSqlIamCredential)
  }
  // End of list of possible types for union field credential.
}

Fields
`connectionName`	`string` Optional. Immutable. The Cloud SQL instance for which the connection is defined. Only one connection per instance is allowed. This can only be set at creation time, and cannot be updated. It is an error to use a connectionName from different project or region than the one that holds the connection. For example, a Connection resource for Cloud SQL connectionName `project-id:us-central1:sql-instance` must be created under the parent `projects/project-id/locations/us-central1`
`maxConnections`	`integer` Required. The DLP API will limit its connections to maxConnections. Must be 2 or greater.
`databaseEngine`	`enum (DatabaseEngine)` Required. The database engine used by the Cloud SQL instance that this connection configures.
Union field `credential`. How to authenticate to the instance. `credential` can be only one of the following:
`usernamePassword`	`object (SecretManagerCredential)` A username and password stored in Secret Manager.
`cloudSqlIam`	`object (CloudSqlIamCredential)` Built-in IAM authentication (must be configured in Cloud SQL).

SecretManagerCredential

A credential consisting of a username and password, where the password is stored in a Secret Manager resource. Note: Secret Manager charges apply.

JSON representation
{ "username": string, "passwordSecretVersionName": string }

Fields

Fields
`username`	`string` Required. The username.
`passwordSecretVersionName`	`string` Required. The name of the Secret Manager resource that stores the password, in the form `projects/project-id/secrets/secret-name/versions/version`.

username

string

Required. The username.

passwordSecretVersionName

string

Required. The name of the Secret Manager resource that stores the password, in the form projects/project-id/secrets/secret-name/versions/version.

CloudSqlIamCredential

This type has no fields.

Use IAM authentication to connect. This requires the Cloud SQL IAM feature to be enabled on the instance, which is not the default for Cloud SQL. See https://cloud.google.com/sql/docs/postgres/authentication and https://cloud.google.com/sql/docs/mysql/authentication.

DatabaseEngine

Database engine of a Cloud SQL instance. New values may be added over time.

Enums
`DATABASE_ENGINE_UNKNOWN`	An engine that is not currently supported by Sensitive Data Protection.
`DATABASE_ENGINE_MYSQL`	Cloud SQL for MySQL instance.
`DATABASE_ENGINE_POSTGRES`	Cloud SQL for PostgreSQL instance.

Methods
`create`	Create a Connection to an external data source.
`delete`	Delete a Connection.
`get`	Get a Connection by name.
`list`	Lists Connections in a parent.
`patch`	Update a Connection.
`search`	Searches for Connections in a parent.

REST Resource: organizations.locations.connections

Resource: Connection

ConnectionState

CloudSqlProperties

SecretManagerCredential

CloudSqlIamCredential

DatabaseEngine

Methods

`create`

`delete`

`get`

`list`

`patch`

`search`