创建已安排的 Data Loss Prevention API 作业触发器
深入探索
如需查看包含此代码示例的详细文档,请参阅以下内容:
代码示例
C#
如需了解如何安装和使用敏感数据保护客户端库,请参阅 敏感数据保护客户端库。
如需向 Sensitive Data Protection 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证。
using Google.Api.Gax.ResourceNames;
using Google.Cloud.Dlp.V2;
using System;
using System.Collections.Generic;
using static Google.Cloud.Dlp.V2.CloudStorageOptions.Types;
using static Google.Cloud.Dlp.V2.InspectConfig.Types;
using static Google.Cloud.Dlp.V2.JobTrigger.Types;
using static Google.Cloud.Dlp.V2.StorageConfig.Types;
public class TriggersCreate
{
public static JobTrigger Create(
string projectId,
string bucketName,
Likelihood minLikelihood,
int maxFindings,
bool autoPopulateTimespan,
int scanPeriod,
IEnumerable<InfoType> infoTypes,
string triggerId,
string displayName,
string description)
{
var dlp = DlpServiceClient.Create();
var jobConfig = new InspectJobConfig
{
InspectConfig = new InspectConfig
{
MinLikelihood = minLikelihood,
Limits = new FindingLimits
{
MaxFindingsPerRequest = maxFindings
},
InfoTypes = { infoTypes }
},
StorageConfig = new StorageConfig
{
CloudStorageOptions = new CloudStorageOptions
{
FileSet = new FileSet
{
Url = $"gs://{bucketName}/*"
}
},
TimespanConfig = new TimespanConfig
{
EnableAutoPopulationOfTimespanConfig = autoPopulateTimespan
}
}
};
var jobTrigger = new JobTrigger
{
Triggers =
{
new Trigger
{
Schedule = new Schedule
{
RecurrencePeriodDuration = new Google.Protobuf.WellKnownTypes.Duration
{
Seconds = scanPeriod * 60 * 60 * 24
}
}
}
},
InspectJob = jobConfig,
Status = Status.Healthy,
DisplayName = displayName,
Description = description
};
var response = dlp.CreateJobTrigger(
new CreateJobTriggerRequest
{
Parent = new LocationName(projectId, "global").ToString(),
JobTrigger = jobTrigger,
TriggerId = triggerId
});
Console.WriteLine($"Successfully created trigger {response.Name}");
return response;
}
}
Go
如需了解如何安装和使用敏感数据保护客户端库,请参阅 敏感数据保护客户端库。
如需向 Sensitive Data Protection 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证。
import (
"context"
"fmt"
"io"
dlp "cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
"github.com/golang/protobuf/ptypes/duration"
)
// createTrigger creates a trigger with the given configuration.
func createTrigger(w io.Writer, projectID string, triggerID, displayName, description, bucketName string, infoTypeNames []string) error {
// projectID := "my-project-id"
// triggerID := "my-trigger"
// displayName := "My Trigger"
// description := "My trigger description"
// bucketName := "my-bucket"
// infoTypeNames := []string{"US_SOCIAL_SECURITY_NUMBER"}
ctx := context.Background()
client, err := dlp.NewClient(ctx)
if err != nil {
return fmt.Errorf("dlp.NewClient: %w", err)
}
defer client.Close()
// Convert the info type strings to a list of InfoTypes.
var infoTypes []*dlppb.InfoType
for _, it := range infoTypeNames {
infoTypes = append(infoTypes, &dlppb.InfoType{Name: it})
}
// Create a configured request.
req := &dlppb.CreateJobTriggerRequest{
Parent: fmt.Sprintf("projects/%s/locations/global", projectID),
TriggerId: triggerID,
JobTrigger: &dlppb.JobTrigger{
DisplayName: displayName,
Description: description,
Status: dlppb.JobTrigger_HEALTHY,
// Triggers control when the job will start.
Triggers: []*dlppb.JobTrigger_Trigger{
{
Trigger: &dlppb.JobTrigger_Trigger_Schedule{
Schedule: &dlppb.Schedule{
Option: &dlppb.Schedule_RecurrencePeriodDuration{
RecurrencePeriodDuration: &duration.Duration{
Seconds: 10 * 60 * 60 * 24, // 10 days in seconds.
},
},
},
},
},
},
// Job configures the job to run when the trigger runs.
Job: &dlppb.JobTrigger_InspectJob{
InspectJob: &dlppb.InspectJobConfig{
InspectConfig: &dlppb.InspectConfig{
InfoTypes: infoTypes,
MinLikelihood: dlppb.Likelihood_POSSIBLE,
Limits: &dlppb.InspectConfig_FindingLimits{
MaxFindingsPerRequest: 10,
},
},
StorageConfig: &dlppb.StorageConfig{
Type: &dlppb.StorageConfig_CloudStorageOptions{
CloudStorageOptions: &dlppb.CloudStorageOptions{
FileSet: &dlppb.CloudStorageOptions_FileSet{
Url: "gs://" + bucketName + "/*",
},
},
},
// Time-based configuration for each storage object. See more at
// https://cloud.google.com/dlp/docs/reference/rest/v2/InspectJobConfig#TimespanConfig
TimespanConfig: &dlppb.StorageConfig_TimespanConfig{
// Auto-populate start and end times in order to scan new objects only.
EnableAutoPopulationOfTimespanConfig: true,
},
},
},
},
},
}
// Send the request.
resp, err := client.CreateJobTrigger(ctx, req)
if err != nil {
return fmt.Errorf("CreateJobTrigger: %w", err)
}
fmt.Fprintf(w, "Successfully created trigger: %v", resp.GetName())
return nil
}
Java
如需了解如何安装和使用敏感数据保护客户端库,请参阅 敏感数据保护客户端库。
如需向 Sensitive Data Protection 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证。
import com.google.cloud.dlp.v2.DlpServiceClient;
import com.google.privacy.dlp.v2.CloudStorageOptions;
import com.google.privacy.dlp.v2.CreateJobTriggerRequest;
import com.google.privacy.dlp.v2.InfoType;
import com.google.privacy.dlp.v2.InspectConfig;
import com.google.privacy.dlp.v2.InspectJobConfig;
import com.google.privacy.dlp.v2.JobTrigger;
import com.google.privacy.dlp.v2.LocationName;
import com.google.privacy.dlp.v2.Schedule;
import com.google.privacy.dlp.v2.StorageConfig;
import com.google.privacy.dlp.v2.StorageConfig.TimespanConfig;
import com.google.protobuf.Duration;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
public class TriggersCreate {
public static void main(String[] args) throws Exception {
// TODO(developer): Replace these variables before running the sample.
String projectId = "your-project-id";
String gcsPath = "gs://" + "your-bucket-name" + "path/to/file.txt";
createTrigger(projectId, gcsPath);
}
public static void createTrigger(String projectId, String gcsPath) throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try (DlpServiceClient dlpServiceClient = DlpServiceClient.create()) {
// Set autoPopulateTimespan to true to scan only new content
boolean autoPopulateTimespan = true;
TimespanConfig timespanConfig =
TimespanConfig.newBuilder()
.setEnableAutoPopulationOfTimespanConfig(autoPopulateTimespan)
.build();
// Specify the GCS file to be inspected.
CloudStorageOptions cloudStorageOptions =
CloudStorageOptions.newBuilder()
.setFileSet(CloudStorageOptions.FileSet.newBuilder().setUrl(gcsPath))
.build();
StorageConfig storageConfig =
StorageConfig.newBuilder()
.setCloudStorageOptions(cloudStorageOptions)
.setTimespanConfig(timespanConfig)
.build();
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
List<InfoType> infoTypes =
Stream.of("PHONE_NUMBER", "EMAIL_ADDRESS", "CREDIT_CARD_NUMBER")
.map(it -> InfoType.newBuilder().setName(it).build())
.collect(Collectors.toList());
InspectConfig inspectConfig = InspectConfig.newBuilder().addAllInfoTypes(infoTypes).build();
// Configure the inspection job we want the service to perform.
InspectJobConfig inspectJobConfig =
InspectJobConfig.newBuilder()
.setInspectConfig(inspectConfig)
.setStorageConfig(storageConfig)
.build();
// Set scanPeriod to the number of days between scans (minimum: 1 day)
int scanPeriod = 1;
// Optionally set a display name of max 100 chars and a description of max 250 chars
String displayName = "Daily Scan";
String description = "A daily inspection for personally identifiable information.";
// Schedule scan of GCS bucket every scanPeriod number of days (minimum = 1 day)
Duration duration = Duration.newBuilder().setSeconds(scanPeriod * 24 * 3600).build();
Schedule schedule = Schedule.newBuilder().setRecurrencePeriodDuration(duration).build();
JobTrigger.Trigger trigger = JobTrigger.Trigger.newBuilder().setSchedule(schedule).build();
JobTrigger jobTrigger =
JobTrigger.newBuilder()
.setInspectJob(inspectJobConfig)
.setDisplayName(displayName)
.setDescription(description)
.setStatus(JobTrigger.Status.HEALTHY)
.addTriggers(trigger)
.build();
// Create scan request to be sent by client
CreateJobTriggerRequest createJobTriggerRequest =
CreateJobTriggerRequest.newBuilder()
.setParent(LocationName.of(projectId, "global").toString())
.setJobTrigger(jobTrigger)
.build();
// Send the scan request and process the response
JobTrigger createdJobTrigger = dlpServiceClient.createJobTrigger(createJobTriggerRequest);
System.out.println("Created Trigger: " + createdJobTrigger.getName());
System.out.println("Display Name: " + createdJobTrigger.getDisplayName());
System.out.println("Description: " + createdJobTrigger.getDescription());
}
}
}Node.js
如需了解如何安装和使用敏感数据保护客户端库,请参阅 敏感数据保护客户端库。
如需向 Sensitive Data Protection 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证。
// Imports the Google Cloud Data Loss Prevention library
const DLP = require('@google-cloud/dlp');
// Instantiates a client
const dlp = new DLP.DlpServiceClient();
// The project ID to run the API call under
// const projectId = 'my-project';
// (Optional) The name of the trigger to be created.
// const triggerId = 'my-trigger';
// (Optional) A display name for the trigger to be created
// const displayName = 'My Trigger';
// (Optional) A description for the trigger to be created
// const description = "This is a sample trigger.";
// The name of the bucket to scan.
// const bucketName = 'YOUR-BUCKET';
// Limit scan to new content only.
// const autoPopulateTimespan = true;
// How often to wait between scans, in days (minimum = 1 day)
// const scanPeriod = 1;
// The infoTypes of information to match
// const infoTypes = [{ name: 'PHONE_NUMBER' }, { name: 'EMAIL_ADDRESS' }, { name: 'CREDIT_CARD_NUMBER' }];
// The minimum likelihood required before returning a match
// const minLikelihood = 'LIKELIHOOD_UNSPECIFIED';
// The maximum number of findings to report per request (0 = server maximum)
// const maxFindings = 0;
async function createTrigger() {
// Get reference to the bucket to be inspected
const storageItem = {
cloudStorageOptions: {
fileSet: {url: `gs://${bucketName}/*`},
},
timeSpanConfig: {
enableAutoPopulationOfTimespanConfig: autoPopulateTimespan,
},
};
// Construct job to be triggered
const job = {
inspectConfig: {
infoTypes: infoTypes,
minLikelihood: minLikelihood,
limits: {
maxFindingsPerRequest: maxFindings,
},
},
storageConfig: storageItem,
};
// Construct trigger creation request
const request = {
parent: `projects/${projectId}/locations/global`,
jobTrigger: {
inspectJob: job,
displayName: displayName,
description: description,
triggers: [
{
schedule: {
recurrencePeriodDuration: {
seconds: scanPeriod * 60 * 60 * 24, // Trigger the scan daily
},
},
},
],
status: 'HEALTHY',
},
triggerId: triggerId,
};
// Run trigger creation request
const [trigger] = await dlp.createJobTrigger(request);
console.log(`Successfully created trigger ${trigger.name}.`);
}
createTrigger();PHP
如需了解如何安装和使用敏感数据保护客户端库,请参阅 敏感数据保护客户端库。
如需向 Sensitive Data Protection 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证。
use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\CloudStorageOptions;
use Google\Cloud\Dlp\V2\CloudStorageOptions\FileSet;
use Google\Cloud\Dlp\V2\CreateJobTriggerRequest;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\InspectConfig\FindingLimits;
use Google\Cloud\Dlp\V2\InspectJobConfig;
use Google\Cloud\Dlp\V2\JobTrigger;
use Google\Cloud\Dlp\V2\JobTrigger\Status;
use Google\Cloud\Dlp\V2\JobTrigger\Trigger;
use Google\Cloud\Dlp\V2\Likelihood;
use Google\Cloud\Dlp\V2\Schedule;
use Google\Cloud\Dlp\V2\StorageConfig;
use Google\Cloud\Dlp\V2\StorageConfig\TimespanConfig;
use Google\Protobuf\Duration;
/**
* Create a Data Loss Prevention API job trigger.
*
* @param string $callingProjectId The project ID to run the API call under
* @param string $bucketName The name of the bucket to scan
* @param string $triggerId (Optional) The name of the trigger to be created
* @param string $displayName (Optional) The human-readable name to give the trigger
* @param string $description (Optional) A description for the trigger to be created
* @param int $scanPeriod (Optional) How often to wait between scans, in days (minimum = 1 day)
* @param bool $autoPopulateTimespan (Optional) Automatically limit scan to new content only
* @param int $maxFindings (Optional) The maximum number of findings to report per request (0 = server maximum)
*/
function create_trigger(
string $callingProjectId,
string $bucketName,
string $triggerId,
string $displayName,
string $description,
int $scanPeriod,
bool $autoPopulateTimespan,
int $maxFindings
): void {
// Instantiate a client.
$dlp = new DlpServiceClient();
// ----- Construct job config -----
// The infoTypes of information to match
$personNameInfoType = (new InfoType())
->setName('PERSON_NAME');
$phoneNumberInfoType = (new InfoType())
->setName('PHONE_NUMBER');
$infoTypes = [$personNameInfoType, $phoneNumberInfoType];
// The minimum likelihood required before returning a match
$minLikelihood = likelihood::LIKELIHOOD_UNSPECIFIED;
// Specify finding limits
$limits = (new FindingLimits())
->setMaxFindingsPerRequest($maxFindings);
// Create the inspectConfig object
$inspectConfig = (new InspectConfig())
->setMinLikelihood($minLikelihood)
->setLimits($limits)
->setInfoTypes($infoTypes);
// Create triggers
$duration = (new Duration())
->setSeconds($scanPeriod * 60 * 60 * 24);
$schedule = (new Schedule())
->setRecurrencePeriodDuration($duration);
$triggerObject = (new Trigger())
->setSchedule($schedule);
// Create the storageConfig object
$fileSet = (new FileSet())
->setUrl('gs://' . $bucketName . '/*');
$storageOptions = (new CloudStorageOptions())
->setFileSet($fileSet);
// Auto-populate start and end times in order to scan new objects only.
$timespanConfig = (new TimespanConfig())
->setEnableAutoPopulationOfTimespanConfig($autoPopulateTimespan);
$storageConfig = (new StorageConfig())
->setCloudStorageOptions($storageOptions)
->setTimespanConfig($timespanConfig);
// Construct the jobConfig object
$jobConfig = (new InspectJobConfig())
->setInspectConfig($inspectConfig)
->setStorageConfig($storageConfig);
// ----- Construct trigger object -----
$jobTriggerObject = (new JobTrigger())
->setTriggers([$triggerObject])
->setInspectJob($jobConfig)
->setStatus(Status::HEALTHY)
->setDisplayName($displayName)
->setDescription($description);
// Run trigger creation request
$parent = $dlp->locationName($callingProjectId, 'global');
$createJobTriggerRequest = (new CreateJobTriggerRequest())
->setParent($parent)
->setJobTrigger($jobTriggerObject)
->setTriggerId($triggerId);
$trigger = $dlp->createJobTrigger($createJobTriggerRequest);
// Print results
printf('Successfully created trigger %s' . PHP_EOL, $trigger->getName());
}Python
如需了解如何安装和使用敏感数据保护客户端库,请参阅 敏感数据保护客户端库。
如需向 Sensitive Data Protection 进行身份验证,请设置应用默认凭据。 如需了解详情,请参阅为本地开发环境设置身份验证。
from typing import Optional
import google.cloud.dlp
def create_trigger(
project: str,
bucket: str,
scan_period_days: int,
info_types: List[str],
trigger_id: Optional[str] = None,
display_name: Optional[str] = None,
description: Optional[str] = None,
min_likelihood: Optional[int] = None,
max_findings: Optional[int] = None,
auto_populate_timespan: Optional[bool] = False,
) -> None:
"""Creates a scheduled Data Loss Prevention API inspect_content trigger.
Args:
project: The Google Cloud project id to use as a parent resource.
bucket: The name of the GCS bucket to scan. This sample scans all
files in the bucket using a wildcard.
scan_period_days: How often to repeat the scan, in days.
The minimum is 1 day.
info_types: A list of strings representing info types to look for.
A full list of info type categories can be fetched from the API.
trigger_id: The id of the trigger. If omitted, an id will be randomly
generated.
display_name: The optional display name of the trigger.
description: The optional description of the trigger.
min_likelihood: A string representing the minimum likelihood threshold
that constitutes a match. One of: 'LIKELIHOOD_UNSPECIFIED',
'VERY_UNLIKELY', 'UNLIKELY', 'POSSIBLE', 'LIKELY', 'VERY_LIKELY'.
max_findings: The maximum number of findings to report; 0 = no maximum.
auto_populate_timespan: Automatically populates time span config start
and end times in order to scan new content only.
Returns:
None; the response from the API is printed to the terminal.
"""
# Instantiate a client.
dlp = google.cloud.dlp_v2.DlpServiceClient()
# Prepare info_types by converting the list of strings into a list of
# dictionaries (protos are also accepted).
info_types = [{"name": info_type} for info_type in info_types]
# Construct the configuration dictionary. Keys which are None may
# optionally be omitted entirely.
inspect_config = {
"info_types": info_types,
"min_likelihood": min_likelihood,
"limits": {"max_findings_per_request": max_findings},
}
# Construct a cloud_storage_options dictionary with the bucket's URL.
url = f"gs://{bucket}/*"
storage_config = {
"cloud_storage_options": {"file_set": {"url": url}},
# Time-based configuration for each storage object.
"timespan_config": {
# Auto-populate start and end times in order to scan new objects
# only.
"enable_auto_population_of_timespan_config": auto_populate_timespan
},
}
# Construct the job definition.
job = {"inspect_config": inspect_config, "storage_config": storage_config}
# Construct the schedule definition:
schedule = {
"recurrence_period_duration": {"seconds": scan_period_days * 60 * 60 * 24}
}
# Construct the trigger definition.
job_trigger = {
"inspect_job": job,
"display_name": display_name,
"description": description,
"triggers": [{"schedule": schedule}],
"status": google.cloud.dlp_v2.JobTrigger.Status.HEALTHY,
}
# Convert the project id into a full resource id.
parent = f"projects/{project}"
# Call the API.
response = dlp.create_job_trigger(
request={"parent": parent, "job_trigger": job_trigger, "trigger_id": trigger_id}
)
print(f"Successfully created trigger {response.name}")
后续步骤
如需搜索和过滤其他 Google Cloud 产品的代码示例,请参阅 Google Cloud 示例浏览器。