REST Resource: organizations.locations.connections

Resource: Connection

A data connection to allow the DLP API to profile data in locations that require additional configuration.

JSON representation
{
  "name": string,
  "state": enum (ConnectionState),
  "errors": [
    {
      object (Error)
    }
  ],

  // Union field properties can be only one of the following:
  "cloudSql": {
    object (CloudSqlProperties)
  }
  // End of list of possible types for union field properties.
}
Fields
name

string

Output only. Name of the connection: projects/{project}/locations/{location}/connections/{name}.

state

enum (ConnectionState)

Required. The connection's state in its lifecycle.

errors[]

object (Error)

Output only. Set if status == ERROR, to provide additional details. Will store the last 10 errors sorted with the most recent first.

Union field properties. Type of connection. properties can be only one of the following:
cloudSql

object (CloudSqlProperties)

Connect to a Cloud SQL instance.

ConnectionState

State of the connection. New values may be added over time.

Enums
CONNECTION_STATE_UNSPECIFIED Unused
MISSING_CREDENTIALS The DLP API automatically created this connection during an initial scan, and it is awaiting full configuration by a user.
AVAILABLE A configured connection that has not encountered any errors.
ERROR

A configured connection that encountered errors during its last use. It will not be used again until it is set to AVAILABLE.

If the resolution requires external action, then the client must send a request to set the status to AVAILABLE when the connection is ready for use. If the resolution doesn't require external action, then any changes to the connection properties will automatically mark it as AVAILABLE.

CloudSqlProperties

Cloud SQL connection properties.

JSON representation
{
  "connectionName": string,
  "maxConnections": integer,
  "databaseEngine": enum (DatabaseEngine),

  // Union field credential can be only one of the following:
  "usernamePassword": {
    object (SecretManagerCredential)
  },
  "cloudSqlIam": {
    object (CloudSqlIamCredential)
  }
  // End of list of possible types for union field credential.
}
Fields
connectionName

string

Optional. Immutable. The Cloud SQL instance for which the connection is defined. Only one connection per instance is allowed. This can only be set at creation time, and cannot be updated.

It is an error to use a connectionName from a different project or region than the one that holds the connection. For example, a Connection resource for Cloud SQL connectionName project-id:us-central1:sql-instance must be created under the parent projects/project-id/locations/us-central1.

maxConnections

integer

Required. The DLP API will limit its connections to maxConnections. Must be 2 or greater.

databaseEngine

enum (DatabaseEngine)

Required. The database engine used by the Cloud SQL instance that this connection configures.

Union field credential. How to authenticate to the instance. credential can be only one of the following:
usernamePassword

object (SecretManagerCredential)

A username and password stored in Secret Manager.

cloudSqlIam

object (CloudSqlIamCredential)

Built-in IAM authentication (must be configured in Cloud SQL).

SecretManagerCredential

A credential consisting of a username and password, where the password is stored in a Secret Manager resource. Note: Secret Manager charges apply.

JSON representation
{
  "username": string,
  "passwordSecretVersionName": string
}
Fields
username

string

Required. The username.

passwordSecretVersionName

string

Required. The name of the Secret Manager resource that stores the password, in the form projects/project-id/secrets/secret-name/versions/version.

CloudSqlIamCredential

This type has no fields.

Use IAM authentication to connect. This requires the Cloud SQL IAM feature to be enabled on the instance, which is not the default for Cloud SQL. See https://cloud.google.com/sql/docs/postgres/authentication and https://cloud.google.com/sql/docs/mysql/authentication.

DatabaseEngine

Database engine of a Cloud SQL instance. New values may be added over time.

Enums
DATABASE_ENGINE_UNKNOWN An engine that is not currently supported by Sensitive Data Protection.
DATABASE_ENGINE_MYSQL Cloud SQL for MySQL instance.
DATABASE_ENGINE_POSTGRES Cloud SQL for PostgreSQL instance.
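
A pre-flight check for the CloudSqlProperties and SecretManagerCredential constraints listed above, written as an added example; it is not part of the API or its client libraries. The function name check_cloud_sql, the regular expressions and the messages are assumptions for illustration. A missing credential is accepted because a connection can exist in the MISSING_CREDENTIALS state.

```python
import re

# Formats below are taken from the examples quoted in this reference.
PARENT_RE = re.compile(r"^(projects|organizations)/([^/]+)/locations/([^/]+)$")
SECRET_VERSION_RE = re.compile(r"^projects/[^/]+/secrets/[^/]+/versions/[^/]+$")


def check_cloud_sql(parent, sql):
    """Return a list of problems in a CloudSqlProperties dict (empty if none)."""
    m = PARENT_RE.match(parent)
    if not m:
        return [f"unrecognised parent {parent!r}"]
    kind, parent_id, location = m.groups()
    problems = []

    # connectionName is project:region:instance; rsplit keeps a colon that
    # belongs to the project ID (domain-scoped projects) in the first part.
    name = sql.get("connectionName")
    if name is not None:
        parts = name.rsplit(":", 2)
        if len(parts) != 3 or not all(parts):
            problems.append("connectionName is not project:region:instance")
        else:
            if parts[1] != location:
                problems.append("connectionName region differs from parent location")
            if kind == "projects" and parts[0] != parent_id:
                problems.append("connectionName project differs from parent project")

    mc = sql.get("maxConnections")
    if isinstance(mc, bool) or not isinstance(mc, int) or mc < 2:
        problems.append("maxConnections must be an integer of 2 or greater")

    if sql.get("databaseEngine") in (None, "DATABASE_ENGINE_UNKNOWN"):
        problems.append("databaseEngine must name a supported engine")

    # Union field credential: at most one member may be present. A dict that
    # carries both is ambiguous about how the scanner will authenticate.
    present = [k for k in ("usernamePassword", "cloudSqlIam") if k in sql]
    if len(present) > 1:
        problems.append("usernamePassword and cloudSqlIam are mutually exclusive")
    elif present == ["usernamePassword"]:
        cred = sql["usernamePassword"] or {}
        if not cred.get("username"):
            problems.append("usernamePassword.username is required")
        secret = cred.get("passwordSecretVersionName") or ""
        if not SECRET_VERSION_RE.match(secret):
            problems.append("passwordSecretVersionName is not a secret version name")
    return problems
```

Run it over a request body before calling create or patch; an empty list means none of the documented constraints were violated.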

Methods

create

Create a Connection to an external data source.

delete

Delete a Connection.

get

Get a Connection by name.

list

Lists Connections in a parent.

patch

Update a Connection.

search

Searches for Connections in a parent.