- Resource: DiscoveryConfig
- JSON representation
- OrgConfig
- DiscoveryStartingLocation
- DiscoveryTarget
- BigQueryDiscoveryTarget
- DiscoveryBigQueryFilter
- BigQueryTableCollection
- BigQueryRegexes
- BigQueryRegex
- AllOtherBigQueryTables
- TableReference
- DiscoveryBigQueryConditions
- BigQueryTableTypes
- BigQueryTableType
- BigQueryTableTypeCollection
- OrConditions
- DiscoveryGenerationCadence
- DiscoverySchemaModifiedCadence
- BigQuerySchemaModification
- DataProfileUpdateFrequency
- DiscoveryTableModifiedCadence
- BigQueryTableModification
- DiscoveryInspectTemplateModifiedCadence
- Disabled
- CloudSqlDiscoveryTarget
- DiscoveryCloudSqlFilter
- DatabaseResourceCollection
- DatabaseResourceRegexes
- DatabaseResourceRegex
- AllOtherDatabaseResources
- DatabaseResourceReference
- DiscoveryCloudSqlConditions
- DatabaseEngine
- DatabaseResourceType
- DiscoveryCloudSqlGenerationCadence
- SchemaModifiedCadence
- CloudSqlSchemaModification
- SecretsDiscoveryTarget
- CloudStorageDiscoveryTarget
- DiscoveryCloudStorageFilter
- FileStoreCollection
- FileStoreRegexes
- FileStoreRegex
- CloudStorageRegex
- CloudStorageResourceReference
- AllOtherResources
- DiscoveryFileStoreConditions
- DiscoveryCloudStorageConditions
- CloudStorageObjectAttribute
- CloudStorageBucketAttribute
- DiscoveryCloudStorageGenerationCadence
- Status
- Methods
Resource: DiscoveryConfig
Configuration for discovery to scan resources for profile generation. Only one discovery configuration may exist per organization, folder, or project.
The generated data profiles are retained according to the data retention policy.
JSON representation |
---|
{ "name": string, "displayName": string, "orgConfig": { object ( |
Fields | |
---|---|
name |
Unique resource name for the DiscoveryConfig, assigned by the service when the DiscoveryConfig is created, for example |
displayName |
Display name (max 100 chars) |
orgConfig |
Only set when the parent is an org. |
inspectTemplates[] |
Detection logic for profile generation. Not all template features are used by Discovery. FindingLimits, includeQuote and excludeInfoTypes have no impact on Discovery. Multiple templates may be provided if there is data in multiple regions. At most one template must be specified per-region (including "global"). Each region is scanned using the applicable template. If no region-specific template is specified, but a "global" template is specified, it will be copied to that region and used instead. If no global or region-specific template is provided for a region with data, that region's data will not be scanned. For more information, see https://cloud.google.com/sensitive-data-protection/docs/data-profiles#data-residency. |
actions[] |
Actions to execute at the completion of scanning. |
targets[] |
Target to match against for determining what to scan and how frequently. |
errors[] |
Output only. A stream of errors encountered when the config was activated. Repeated errors may result in the config automatically being paused. Output only field. Will return the last 100 errors. Whenever the config is modified this list will be cleared. |
createTime |
Output only. The creation timestamp of a DiscoveryConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
updateTime |
Output only. The last update timestamp of a DiscoveryConfig. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
lastRunTime |
Output only. The timestamp of the last time this config was executed. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
status |
Required. A status for this configuration. |
OrgConfig
Project and scan location information. Only set when the parent is an org.
JSON representation |
---|
{
"location": {
object ( |
Fields | |
---|---|
location |
The data to scan: folder, org, or project |
projectId |
The project that will run the scan. The DLP service account that exists within this project must have access to all resources that are profiled, and the Cloud DLP API must be enabled. |
DiscoveryStartingLocation
The location to begin a discovery scan. Denotes an organization ID or folder ID within an organization.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field location . The location to be scanned. location can be only one of the following: |
|
organizationId |
The ID of an organization to scan. |
folderId |
The ID of the folder within an organization to be scanned. |
DiscoveryTarget
Target used to match against for Discovery.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field target . A target to match against for Discovery. target can be only one of the following: |
|
bigQueryTarget |
BigQuery target for Discovery. The first target to match a table will be the one applied. |
cloudSqlTarget |
Cloud SQL target for Discovery. The first target to match a table will be the one applied. |
secretsTarget |
Discovery target that looks for credentials and secrets stored in cloud resource metadata and reports them as vulnerabilities to Security Command Center. Only one target of this type is allowed. |
cloudStorageTarget |
Cloud Storage target for Discovery. The first target to match a table will be the one applied. |
BigQueryDiscoveryTarget
Target used to match against for discovery with BigQuery tables
JSON representation |
---|
{ "filter": { object ( |
Fields | |
---|---|
filter |
Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table. |
conditions |
In addition to matching the filter, these conditions must be true before a profile is generated. |
Union field frequency . The generation rule includes the logic on how frequently to update the data profiles. If not specified, discovery will re-run and update no more than once a month if new columns appear in the table. frequency can be only one of the following: |
|
cadence |
How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity. |
disabled |
Tables that match this filter will not have profiles created. |
DiscoveryBigQueryFilter
Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, dataset ID, and table ID.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field filter . Whether the filter applies to a specific set of tables or all other tables within the location being profiled. The first filter to match will be applied, regardless of the condition. If none is set, will default to other_tables . filter can be only one of the following: |
|
tables |
A specific set of tables for this filter to apply to. A table collection must be specified in only one filter per config. If a table id or dataset is empty, Cloud DLP assumes all tables in that collection must be profiled. Must specify a project ID. |
otherTables |
Catch-all. This should always be the last filter in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically. |
tableReference |
The table to scan. Discovery configurations including this can only include one DiscoveryTarget (the DiscoveryTarget with this TableReference). |
BigQueryTableCollection
Specifies a collection of BigQuery tables. Used for Discovery.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field pattern . Maximum of 100 entries. The first filter containing a pattern that matches a table will be used. pattern can be only one of the following: |
|
includeRegexes |
A collection of regular expressions to match a BigQuery table against. |
BigQueryRegexes
A collection of regular expressions to determine what tables to match against.
JSON representation |
---|
{
"patterns": [
{
object ( |
Fields | |
---|---|
patterns[] |
A single BigQuery regular expression pattern to match against one or more tables, datasets, or projects that contain BigQuery tables. |
BigQueryRegex
A pattern to match against one or more tables, datasets, or projects that contain BigQuery tables. At least one pattern must be specified. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.
JSON representation |
---|
{ "projectIdRegex": string, "datasetIdRegex": string, "tableIdRegex": string } |
Fields | |
---|---|
projectIdRegex |
For organizations, if unset, will match all projects. Has no effect for data profile configurations created within a project. |
datasetIdRegex |
If unset, this property matches all datasets. |
tableIdRegex |
If unset, this property matches all tables. |
AllOtherBigQueryTables
This type has no fields.
Catch-all for all other tables not specified by other filters. Should always be last, except for single-table configurations, which will only have a TableReference target.
TableReference
Message defining the location of a BigQuery table with the projectId inferred from the parent project.
JSON representation |
---|
{ "datasetId": string, "tableId": string } |
Fields | |
---|---|
datasetId |
Dataset ID of the table. |
tableId |
Name of the table. |
DiscoveryBigQueryConditions
Requirements that must be true before a table is scanned in discovery for the first time. There is an AND relationship between the top-level attributes. Additionally, minimum conditions with an OR relationship that must be met before Cloud DLP scans a table can be set (like a minimum row count or a minimum table age).
JSON representation |
---|
{ "createdAfter": string, "orConditions": { object ( |
Fields | |
---|---|
createdAfter |
BigQuery table must have been created after this date. Used to avoid backfilling. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
orConditions |
At least one of the conditions must be true for a table to be scanned. |
Union field included_types . The type of BigQuery tables to scan. If nothing is set the default behavior is to scan only tables of type TABLE and to give errors for all unsupported tables. included_types can be only one of the following: |
|
types |
Restrict discovery to specific table types. |
typeCollection |
Restrict discovery to categories of table types. |
BigQueryTableTypes
The types of BigQuery tables supported by Cloud DLP.
JSON representation |
---|
{
"types": [
enum ( |
Fields | |
---|---|
types[] |
A set of BigQuery table types. |
BigQueryTableType
Over time new types may be added. Currently VIEW, MATERIALIZED_VIEW, SNAPSHOT, and non-BigLake external tables are not supported.
Enums | |
---|---|
BIG_QUERY_TABLE_TYPE_UNSPECIFIED |
Unused. |
BIG_QUERY_TABLE_TYPE_TABLE |
A normal BigQuery table. |
BIG_QUERY_TABLE_TYPE_EXTERNAL_BIG_LAKE |
A table that references data stored in Cloud Storage. |
BigQueryTableTypeCollection
Over time new types may be added. Currently VIEW, MATERIALIZED_VIEW, and SNAPSHOT are not supported.
Enums | |
---|---|
BIG_QUERY_COLLECTION_UNSPECIFIED |
Unused. |
BIG_QUERY_COLLECTION_ALL_TYPES |
Automatically generate profiles for all tables, even if the table type is not yet fully supported for analysis. Profiles for unsupported tables will be generated with errors to indicate their partial support. When full support is added, the tables will automatically be profiled during the next scheduled run. |
BIG_QUERY_COLLECTION_ONLY_SUPPORTED_TYPES |
Only those types fully supported will be profiled. Will expand automatically as Cloud DLP adds support for new table types. Unsupported table types will not have partial profiles generated. |
OrConditions
There is an OR relationship between these attributes. They are used to determine if a table should be scanned or not in Discovery.
JSON representation |
---|
{ "minRowCount": integer, "minAge": string } |
Fields | |
---|---|
minRowCount |
Minimum number of rows that should be present before Cloud DLP profiles a table |
minAge |
Minimum age a table must have before Cloud DLP can profile it. Value must be 1 hour or greater. A duration in seconds with up to nine fractional digits, ending with ' |
DiscoveryGenerationCadence
What must take place for a profile to be updated and how frequently it should occur. New tables are scanned as quickly as possible depending on system capacity.
JSON representation |
---|
{ "schemaModifiedCadence": { object ( |
Fields | |
---|---|
schemaModifiedCadence |
Governs when to update data profiles when a schema is modified. |
tableModifiedCadence |
Governs when to update data profiles when a table is modified. |
inspectTemplateModifiedCadence |
Governs when to update data profiles when the inspection rules defined by the |
refreshFrequency |
Frequency at which profiles should be updated, regardless of whether the underlying resource has changed. Defaults to never. |
DiscoverySchemaModifiedCadence
The cadence at which to update data profiles when a schema is modified.
JSON representation |
---|
{ "types": [ enum ( |
Fields | |
---|---|
types[] |
The type of events to consider when deciding if the table's schema has been modified and should have the profile updated. Defaults to NEW_COLUMNS. |
frequency |
How frequently profiles may be updated when schemas are modified. Defaults to monthly. |
BigQuerySchemaModification
Attributes evaluated to determine if a schema has been modified. New values may be added at a later time.
Enums | |
---|---|
SCHEMA_MODIFICATION_UNSPECIFIED |
Unused |
SCHEMA_NEW_COLUMNS |
Profiles should be regenerated when new columns are added to the table. Default. |
SCHEMA_REMOVED_COLUMNS |
Profiles should be regenerated when columns are removed from the table. |
DataProfileUpdateFrequency
How frequently data profiles can be updated. New options can be added at a later time.
Enums | |
---|---|
UPDATE_FREQUENCY_UNSPECIFIED |
Unspecified. |
UPDATE_FREQUENCY_NEVER |
After the data profile is created, it will never be updated. |
UPDATE_FREQUENCY_DAILY |
The data profile can be updated up to once every 24 hours. |
UPDATE_FREQUENCY_MONTHLY |
The data profile can be updated up to once every 30 days. Default. |
DiscoveryTableModifiedCadence
The cadence at which to update data profiles when a table is modified.
JSON representation |
---|
{ "types": [ enum ( |
Fields | |
---|---|
types[] |
The type of events to consider when deciding if the table has been modified and should have the profile updated. Defaults to MODIFIED_TIMESTAMP. |
frequency |
How frequently data profiles can be updated when tables are modified. Defaults to never. |
BigQueryTableModification
Attributes evaluated to determine if a table has been modified. New values may be added at a later time.
Enums | |
---|---|
TABLE_MODIFICATION_UNSPECIFIED |
Unused. |
TABLE_MODIFIED_TIMESTAMP |
A table will be considered modified when the lastModifiedTime from BigQuery has been updated. |
DiscoveryInspectTemplateModifiedCadence
The cadence at which to update data profiles when the inspection rules defined by the InspectTemplate
change.
JSON representation |
---|
{
"frequency": enum ( |
Fields | |
---|---|
frequency |
How frequently data profiles can be updated when the template is modified. Defaults to never. |
Disabled
This type has no fields.
Do not profile the tables.
CloudSqlDiscoveryTarget
Target used to match against for discovery with Cloud SQL tables.
JSON representation |
---|
{ "filter": { object ( |
Fields | |
---|---|
filter |
Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table. |
conditions |
In addition to matching the filter, these conditions must be true before a profile is generated. |
Union field cadence . Type of schedule. cadence can be only one of the following: |
|
generationCadence |
How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity. |
disabled |
Disable profiling for database resources that match this filter. |
DiscoveryCloudSqlFilter
Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, location, instance, database, and database resource name.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field filter . Whether the filter applies to a specific set of database resources or all other database resources within the location being profiled. The first filter to match will be applied, regardless of the condition. If none is set, will default to others . filter can be only one of the following: |
|
collection |
A specific set of database resources for this filter to apply to. |
others |
Catch-all. This should always be the last target in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically. |
databaseResourceReference |
The database resource to scan. Targets including this can only include one target (the target with this database resource reference). |
DatabaseResourceCollection
Match database resources using regex filters. Examples of database resources are tables, views, and stored procedures.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field pattern . The first filter containing a pattern that matches a database resource will be used. pattern can be only one of the following: |
|
includeRegexes |
A collection of regular expressions to match a database resource against. |
DatabaseResourceRegexes
A collection of regular expressions to determine what database resources to match against.
JSON representation |
---|
{
"patterns": [
{
object ( |
Fields | |
---|---|
patterns[] |
A group of regular expression patterns to match against one or more database resources. Maximum of 100 entries. The sum of all regular expression's length can't exceed 10 KiB. |
DatabaseResourceRegex
A pattern to match against one or more database resources. At least one pattern must be specified. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.
JSON representation |
---|
{ "projectIdRegex": string, "instanceRegex": string, "databaseRegex": string, "databaseResourceNameRegex": string } |
Fields | |
---|---|
projectIdRegex |
For organizations, if unset, will match all projects. Has no effect for configurations created within a project. |
instanceRegex |
Regex to test the instance name against. If empty, all instances match. |
databaseRegex |
Regex to test the database name against. If empty, all databases match. |
databaseResourceNameRegex |
Regex to test the database resource's name against. An example of a database resource name is a table's name. Other database resource names like view names could be included in the future. If empty, all database resources match. |
AllOtherDatabaseResources
This type has no fields.
Match database resources not covered by any other filter.
DatabaseResourceReference
Identifies a single database resource, like a table within a database.
JSON representation |
---|
{ "projectId": string, "instance": string, "database": string, "databaseResource": string } |
Fields | |
---|---|
projectId |
Required. If within a project-level config, then this must match the config's project ID. |
instance |
Required. The instance where this resource is located. For example: Cloud SQL instance ID. |
database |
Required. Name of a database within the instance. |
databaseResource |
Required. Name of a database resource, for example, a table within the database. |
DiscoveryCloudSqlConditions
Requirements that must be true before a table is profiled for the first time.
JSON representation |
---|
{ "databaseEngines": [ enum ( |
Fields | |
---|---|
databaseEngines[] |
Optional. Database engines that should be profiled. Optional. Defaults to ALL_SUPPORTED_DATABASE_ENGINES if unspecified. |
types[] |
Data profiles will only be generated for the database resource types specified in this field. If not specified, defaults to [DATABASE_RESOURCE_TYPE_ALL_SUPPORTED_TYPES]. |
DatabaseEngine
The database engines that should be profiled.
Enums | |
---|---|
DATABASE_ENGINE_UNSPECIFIED |
Unused. |
ALL_SUPPORTED_DATABASE_ENGINES |
Include all supported database engines. |
MYSQL |
MySQL database. |
POSTGRES |
PostgreSQL database. |
DatabaseResourceType
Cloud SQL database resource types. New values can be added at a later time.
Enums | |
---|---|
DATABASE_RESOURCE_TYPE_UNSPECIFIED |
Unused. |
DATABASE_RESOURCE_TYPE_ALL_SUPPORTED_TYPES |
Includes database resource types that become supported at a later time. |
DATABASE_RESOURCE_TYPE_TABLE |
Tables. |
DiscoveryCloudSqlGenerationCadence
How often existing tables should have their profiles refreshed. New tables are scanned as quickly as possible depending on system capacity.
JSON representation |
---|
{ "schemaModifiedCadence": { object ( |
Fields | |
---|---|
schemaModifiedCadence |
When to reprofile if the schema has changed. |
refreshFrequency |
Data changes (non-schema changes) in Cloud SQL tables can't trigger reprofiling. If you set this field, profiles are refreshed at this frequency regardless of whether the underlying tables have changed. Defaults to never. |
inspectTemplateModifiedCadence |
Governs when to update data profiles when the inspection rules defined by the |
SchemaModifiedCadence
How frequently to modify the profile when the table's schema is modified.
JSON representation |
---|
{ "types": [ enum ( |
Fields | |
---|---|
types[] |
The types of schema modifications to consider. Defaults to NEW_COLUMNS. |
frequency |
Frequency to regenerate data profiles when the schema is modified. Defaults to monthly. |
CloudSqlSchemaModification
The type of modification that causes a profile update.
Enums | |
---|---|
SQL_SCHEMA_MODIFICATION_UNSPECIFIED |
Unused. |
NEW_COLUMNS |
New columns have appeared. |
REMOVED_COLUMNS |
Columns have been removed from the table. |
SecretsDiscoveryTarget
This type has no fields.
Discovery target for credentials and secrets in cloud resource metadata.
This target does not include any filtering or frequency controls. Cloud DLP will scan cloud resource metadata for secrets daily.
No inspect template should be included in the discovery config for a security benchmarks scan. Instead, the built-in list of secrets and credentials infoTypes will be used (see https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference#credentials_and_secrets).
Credentials and secrets discovered will be reported as vulnerabilities to Security Command Center.
CloudStorageDiscoveryTarget
Target used to match against for discovery with Cloud Storage buckets.
JSON representation |
---|
{ "filter": { object ( |
Fields | |
---|---|
filter |
Required. The buckets the generationCadence applies to. The first target with a matching filter will be the one to apply to a bucket. |
conditions |
Optional. In addition to matching the filter, these conditions must be true before a profile is generated. |
Union field cadence . How often and when to update profiles. cadence can be only one of the following: |
|
generationCadence |
Optional. How often and when to update profiles. New buckets that match both the filter and conditions are scanned as quickly as possible depending on system capacity. |
disabled |
Optional. Disable profiling for buckets that match this filter. |
DiscoveryCloudStorageFilter
Determines which buckets will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID and bucket name.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field filter . Whether the filter applies to a specific set of buckets or all other buckets within the location being profiled. The first filter to match will be applied, regardless of the condition. If none is set, will default to others . filter can be only one of the following: |
|
collection |
Optional. A specific set of buckets for this filter to apply to. |
cloudStorageResourceReference |
Optional. The bucket to scan. Targets including this can only include one target (the target with this bucket). This enables profiling the contents of a single bucket, while the other options allow for easy profiling of many bucets within a project or an organization. |
others |
Optional. Catch-all. This should always be the last target in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically. |
FileStoreCollection
Match file stores (e.g. buckets) using regex filters.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field pattern . The first filter containing a pattern that matches a file store will be used. pattern can be only one of the following: |
|
includeRegexes |
Optional. A collection of regular expressions to match a file store against. |
FileStoreRegexes
A collection of regular expressions to determine what file store to match against.
JSON representation |
---|
{
"patterns": [
{
object ( |
Fields | |
---|---|
patterns[] |
Required. The group of regular expression patterns to match against one or more file stores. Maximum of 100 entries. The sum of all regular expression's length can't exceed 10 KiB. |
FileStoreRegex
A pattern to match against one or more file stores.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field resource_regex . The type of resource regex to use. resource_regex can be only one of the following: |
|
cloudStorageRegex |
Optional. Regex for Cloud Storage. |
CloudStorageRegex
A pattern to match against one or more file stores. At least one pattern must be specified. Regular expressions use RE2 syntax; a guide can be found under the google/re2 repository on GitHub.
JSON representation |
---|
{ "projectIdRegex": string, "bucketNameRegex": string } |
Fields | |
---|---|
projectIdRegex |
Optional. For organizations, if unset, will match all projects. |
bucketNameRegex |
Optional. Regex to test the bucket name against. If empty, all buckets match. Example: "marketing2021" or "(marketing)\d{4}" will both match the bucket gs://marketing2021 |
CloudStorageResourceReference
Identifies a single Cloud Storage bucket.
JSON representation |
---|
{ "bucketName": string, "projectId": string } |
Fields | |
---|---|
bucketName |
Required. The bucket to scan. |
projectId |
Required. If within a project-level config, then this must match the config's project id. |
AllOtherResources
This type has no fields.
Match discovery resources not covered by any other filter.
DiscoveryFileStoreConditions
Requirements that must be true before a file store is scanned in discovery for the first time. There is an AND relationship between the top-level attributes.
JSON representation |
---|
{ "createdAfter": string, "minAge": string, // Union field |
Fields | |
---|---|
createdAfter |
Optional. File store must have been created after this date. Used to avoid backfilling. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
minAge |
Optional. Minimum age a file store must have. If set, the value must be 1 hour or greater. A duration in seconds with up to nine fractional digits, ending with ' |
Union field conditions . File store specific conditions. conditions can be only one of the following: |
|
cloudStorageConditions |
Optional. Cloud Storage conditions. |
DiscoveryCloudStorageConditions
Requirements that must be true before a Cloud Storage bucket or object is scanned in discovery for the first time. There is an AND relationship between the top-level attributes.
JSON representation |
---|
{ "includedObjectAttributes": [ enum ( |
Fields | |
---|---|
includedObjectAttributes[] |
Required. Only objects with the specified attributes will be scanned. If an object has one of the specified attributes but is inside an excluded bucket, it will not be scanned. Defaults to [ALL_SUPPORTED_OBJECTS]. A profile will be created even if no objects match the includedObjectAttributes. |
includedBucketAttributes[] |
Required. Only objects with the specified attributes will be scanned. Defaults to [ALL_SUPPORTED_BUCKETS] if unset. |
CloudStorageObjectAttribute
The attribute of an object. See https://cloud.google.com/storage/docs/storage-classes for more information on storage classes.
Enums | |
---|---|
CLOUD_STORAGE_OBJECT_ATTRIBUTE_UNSPECIFIED |
Unused. |
ALL_SUPPORTED_OBJECTS |
Scan objects regardless of the attribute. |
STANDARD |
Scan objects with the standard storage class. |
NEARLINE |
Scan objects with the nearline storage class. This will incur retrieval fees. |
COLDLINE |
Scan objects with the coldline storage class. This will incur retrieval fees. |
ARCHIVE |
Scan objects with the archive storage class. This will incur retrieval fees. |
REGIONAL |
Scan objects with the regional storage class. |
MULTI_REGIONAL |
Scan objects with the multi-regional storage class. |
DURABLE_REDUCED_AVAILABILITY |
Scan objects with the dual-regional storage class. This will incur retrieval fees. |
CloudStorageBucketAttribute
The attribute of a bucket.
Enums | |
---|---|
CLOUD_STORAGE_BUCKET_ATTRIBUTE_UNSPECIFIED |
Unused. |
ALL_SUPPORTED_BUCKETS |
Scan buckets regardless of the attribute. |
AUTOCLASS_DISABLED |
Buckets with autoclass disabled (https://cloud.google.com/storage/docs/autoclass). Only one of AUTOCLASS_DISABLED or AUTOCLASS_ENABLED should be set. |
AUTOCLASS_ENABLED |
Buckets with autoclass enabled (https://cloud.google.com/storage/docs/autoclass). Only one of AUTOCLASS_DISABLED or AUTOCLASS_ENABLED should be set. Scanning Autoclass-enabled buckets can affect object storage classes. |
DiscoveryCloudStorageGenerationCadence
How often existing buckets should have their profiles refreshed. New buckets are scanned as quickly as possible depending on system capacity.
JSON representation |
---|
{ "refreshFrequency": enum ( |
Fields | |
---|---|
refreshFrequency |
Optional. Data changes in Cloud Storage can't trigger reprofiling. If you set this field, profiles are refreshed at this frequency regardless of whether the underlying buckets have changed. Defaults to never. |
inspectTemplateModifiedCadence |
Optional. Governs when to update data profiles when the inspection rules defined by the |
Status
Whether the discovery config is currently active. New options may be added at a later time.
Enums | |
---|---|
STATUS_UNSPECIFIED |
Unused |
RUNNING |
The discovery config is currently active. |
PAUSED |
The discovery config is paused temporarily. |
Methods |
|
---|---|
|
Creates a config for discovery to scan and profile storage. |
|
Deletes a discovery configuration. |
|
Gets a discovery configuration. |
|
Lists discovery configurations. |
|
Updates a discovery configuration. |