Close httplib2 connections.
create(parent, body=None, x__xgafv=None)
Creates a config for discovery to scan and profile storage.
Deletes a discovery configuration.
Gets a discovery configuration.
list(parent, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)
Lists discovery configurations.
Retrieves the next page of results.
patch(name, body=None, x__xgafv=None)
Updates a discovery configuration.
close()
Close httplib2 connections.
create(parent, body=None, x__xgafv=None)
Creates a config for discovery to scan and profile storage.
Args:
parent: string, Required. Parent resource name. The format of this value is as follows: `projects/`PROJECT_ID`/locations/`LOCATION_ID The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3 (required)
body: object, The request body.
The object takes the form of:
{ # Request message for CreateDiscoveryConfig.
"configId": "A String", # The config ID can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: `[a-zA-Z\d-_]+`. The maximum length is 100 characters. Can be empty to allow the system to generate one.
"discoveryConfig": { # Configuration for discovery to scan resources for profile generation. Only one discovery configuration may exist per organization, folder, or project. The generated data profiles are retained according to the [data retention policy] (https://cloud.google.com/sensitive-data-protection/docs/data-profiles#retention). # Required. The DiscoveryConfig to create.
"actions": [ # Actions to execute at the completion of scanning.
{ # A task to execute when a data profile has been generated.
"exportData": { # If set, the detailed data profiles will be persisted to the location of your choice whenever updated. # Export data profiles into a provided location.
"profileTable": { # Message defining the location of a BigQuery table. A table is uniquely identified by its project_id, dataset_id, and table_name. Within a query a table is often referenced with a string in the format of: `:.` or `..`. # Store all table and column profiles in an existing table or a new table in an existing dataset. Each re-generation will result in new rows in BigQuery. Data is inserted using [streaming insert](https://cloud.google.com/blog/products/bigquery/life-of-a-bigquery-streaming-insert) and so data may be in the buffer for a period of time after the profile has finished. The Pub/Sub notification is sent before the streaming buffer is guaranteed to be written, so data may not be instantly visible to queries by the time your topic receives the Pub/Sub notification.
"datasetId": "A String", # Dataset ID of the table.
"projectId": "A String", # The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call.
"tableId": "A String", # Name of the table.
},
},
"pubSubNotification": { # Send a Pub/Sub message into the given Pub/Sub topic to connect other systems to data profile generation. The message payload data will be the byte serialization of `DataProfilePubSubMessage`. # Publish a message into the Pub/Sub topic.
"detailOfMessage": "A String", # How much data to include in the Pub/Sub message. If the user wishes to limit the size of the message, they can use resource_name and fetch the profile fields they wish to. Per table profile (not per column).
"event": "A String", # The type of event that triggers a Pub/Sub. At most one `PubSubNotification` per EventType is permitted.
"pubsubCondition": { # A condition for determining whether a Pub/Sub should be triggered. # Conditions (e.g., data risk or sensitivity level) for triggering a Pub/Sub.
"expressions": { # An expression, consisting of an operator and conditions. # An expression.
"conditions": [ # Conditions to apply to the expression.
{ # A condition consisting of a value.
"minimumRiskScore": "A String", # The minimum data risk score that triggers the condition.
"minimumSensitivityScore": "A String", # The minimum sensitivity level that triggers the condition.
},
],
"logicalOperator": "A String", # The operator to apply to the collection of conditions.
},
},
"topic": "A String", # Cloud Pub/Sub topic to send notifications to. Format is projects/{project}/topics/{topic}.
},
},
],
"createTime": "A String", # Output only. The creation timestamp of a DiscoveryConfig.
"displayName": "A String", # Display name (max 100 chars)
"errors": [ # Output only. A stream of errors encountered when the config was activated. Repeated errors may result in the config automatically being paused. Output only field. Will return the last 100 errors. Whenever the config is modified this list will be cleared.
{ # Details information about an error encountered during job execution or the results of an unsuccessful activation of the JobTrigger.
"details": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Detailed error codes and messages.
"code": 42, # The status code, which should be an enum value of google.rpc.Code.
"details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
{
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
],
"message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
},
"timestamps": [ # The times the error occurred. List includes the oldest timestamp and the last 9 timestamps.
"A String",
],
},
],
"inspectTemplates": [ # Detection logic for profile generation. Not all template features are used by Discovery. FindingLimits, include_quote and exclude_info_types have no impact on Discovery. Multiple templates may be provided if there is data in multiple regions. At most one template must be specified per-region (including "global"). Each region is scanned using the applicable template. If no region-specific template is specified, but a "global" template is specified, it will be copied to that region and used instead. If no global or region-specific template is provided for a region with data, that region's data will not be scanned. For more information, see https://cloud.google.com/sensitive-data-protection/docs/data-profiles#data-residency.
"A String",
],
"lastRunTime": "A String", # Output only. The timestamp of the last time this config was executed.
"name": "A String", # Unique resource name for the DiscoveryConfig, assigned by the service when the DiscoveryConfig is created, for example `projects/dlp-test-project/locations/global/discoveryConfigs/53234423`.
"orgConfig": { # Project and scan location information. Only set when the parent is an org. # Only set when the parent is an org.
"location": { # The location to begin a discovery scan. Denotes an organization ID or folder ID within an organization. # The data to scan: folder, org, or project
"folderId": "A String", # The ID of the Folder within an organization to scan.
"organizationId": "A String", # The ID of an organization to scan.
},
"projectId": "A String", # The project that will run the scan. The DLP service account that exists within this project must have access to all resources that are profiled, and the Cloud DLP API must be enabled.
},
"status": "A String", # Required. A status for this configuration.
"targets": [ # Target to match against for determining what to scan and how frequently.
{ # Target used to match against for Discovery.
"bigQueryTarget": { # Target used to match against for discovery with BigQuery tables # BigQuery target for Discovery. The first target to match a table will be the one applied.
"cadence": { # What must take place for a profile to be updated and how frequently it should occur. New tables are scanned as quickly as possible depending on system capacity. # How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity.
"schemaModifiedCadence": { # The cadence at which to update data profiles when a schema is modified. # Governs when to update data profiles when a schema is modified.
"frequency": "A String", # How frequently profiles may be updated when schemas are modified. Defaults to monthly.
"types": [ # The type of events to consider when deciding if the table's schema has been modified and should have the profile updated. Defaults to NEW_COLUMNS.
"A String",
],
},
"tableModifiedCadence": { # The cadence at which to update data profiles when a table is modified. # Governs when to update data profiles when a table is modified.
"frequency": "A String", # How frequently data profiles can be updated when tables are modified. Defaults to never.
"types": [ # The type of events to consider when deciding if the table has been modified and should have the profile updated. Defaults to MODIFIED_TIMESTAMP.
"A String",
],
},
},
"conditions": { # Requirements that must be true before a table is scanned in discovery for the first time. There is an AND relationship between the top-level attributes. Additionally, minimum conditions with an OR relationship that must be met before Cloud DLP scans a table can be set (like a minimum row count or a minimum table age). # In addition to matching the filter, these conditions must be true before a profile is generated.
"createdAfter": "A String", # BigQuery table must have been created after this date. Used to avoid backfilling.
"orConditions": { # There is an OR relationship between these attributes. They are used to determine if a table should be scanned or not in Discovery. # At least one of the conditions must be true for a table to be scanned.
"minAge": "A String", # Minimum age a table must have before Cloud DLP can profile it. Value must be 1 hour or greater.
"minRowCount": 42, # Minimum number of rows that should be present before Cloud DLP profiles a table
},
"typeCollection": "A String", # Restrict discovery to categories of table types.
"types": { # The types of BigQuery tables supported by Cloud DLP. # Restrict discovery to specific table types.
"types": [ # A set of BigQuery table types.
"A String",
],
},
},
"disabled": { # Do not profile the tables. # Tables that match this filter will not have profiles created.
},
"filter": { # Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, dataset ID, and table ID. # Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table.
"otherTables": { # Catch-all for all other tables not specified by other filters. Should always be last, except for single-table configurations, which will only have a TableReference target. # Catch-all. This should always be the last filter in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.
},
"tables": { # Specifies a collection of BigQuery tables. Used for Discovery. # A specific set of tables for this filter to apply to. A table collection must be specified in only one filter per config. If a table id or dataset is empty, Cloud DLP assumes all tables in that collection must be profiled. Must specify a project ID.
"includeRegexes": { # A collection of regular expressions to determine what tables to match against. # A collection of regular expressions to match a BigQuery table against.
"patterns": [ # A single BigQuery regular expression pattern to match against one or more tables, datasets, or projects that contain BigQuery tables.
{ # A pattern to match against one or more tables, datasets, or projects that contain BigQuery tables. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub.
"datasetIdRegex": "A String", # If unset, this property matches all datasets.
"projectIdRegex": "A String", # For organizations, if unset, will match all projects. Has no effect for data profile configurations created within a project.
"tableIdRegex": "A String", # If unset, this property matches all tables.
},
],
},
},
},
},
"cloudSqlTarget": { # Target used to match against for discovery with Cloud SQL tables. # Cloud SQL target for Discovery. The first target to match a table will be the one applied.
"conditions": { # Requirements that must be true before a table is profiled for the first time. # In addition to matching the filter, these conditions must be true before a profile is generated.
"databaseEngines": [ # Optional. Database engines that should be profiled. Optional. Defaults to ALL_SUPPORTED_DATABASE_ENGINES if unspecified.
"A String",
],
"types": [ # Data profiles will only be generated for the database resource types specified in this field. If not specified, defaults to [DATABASE_RESOURCE_TYPE_ALL_SUPPORTED_TYPES].
"A String",
],
},
"disabled": { # Do not profile the tables. # Disable profiling for database resources that match this filter.
},
"filter": { # Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, location, instance, database, and database resource name. # Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table.
"collection": { # Match database resources using regex filters. Examples of database resources are tables, views, and stored procedures. # A specific set of database resources for this filter to apply to.
"includeRegexes": { # A collection of regular expressions to determine what database resources to match against. # A collection of regular expressions to match a database resource against.
"patterns": [ # A group of regular expression patterns to match against one or more database resources. Maximum of 100 entries. The sum of all regular expression's length can't exceed 10 KiB.
{ # A pattern to match against one or more database resources. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub.
"databaseRegex": "A String", # Regex to test the database name against. If empty, all databases match.
"databaseResourceNameRegex": "A String", # Regex to test the database resource's name against. An example of a database resource name is a table's name. Other database resource names like view names could be included in the future. If empty, all database resources match.
"instanceRegex": "A String", # Regex to test the instance name against. If empty, all instances match.
"projectIdRegex": "A String", # For organizations, if unset, will match all projects. Has no effect for Data Profile configurations created within a project.
},
],
},
},
"databaseResourceReference": { # Identifies a single database resource, like a table within a database. # The database resource to scan. Targets including this can only include one target (the target with this database resource reference).
"instance": "A String", # Required. The instance where this resource is located. For example: Cloud SQL's instance id.
"projectId": "A String", # Required. If within a project-level config, then this must match the config's project id.
},
"others": { # Match database resources not covered by any other filter. # Catch-all. This should always be the last target in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.
},
},
"generationCadence": { # How often existing tables should have their profiles refreshed. New tables are scanned as quickly as possible depending on system capacity. # How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity.
"refreshFrequency": "A String", # Data changes (non-schema changes) in Cloud SQL tables can't trigger reprofiling. If you set this field, profiles are refreshed at this frequency regardless of whether the underlying tables have changes. Defaults to never.
"schemaModifiedCadence": { # How frequency to modify the profile when the table's schema is modified. # When to reprofile if the schema has changed.
"frequency": "A String", # Frequency to regenerate data profiles when the schema is modified. Defaults to monthly.
"types": [ # The types of schema modifications to consider. Defaults to NEW_COLUMNS.
"A String",
],
},
},
},
},
],
"updateTime": "A String", # Output only. The last update timestamp of a DiscoveryConfig.
},
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Configuration for discovery to scan resources for profile generation. Only one discovery configuration may exist per organization, folder, or project. The generated data profiles are retained according to the [data retention policy] (https://cloud.google.com/sensitive-data-protection/docs/data-profiles#retention).
"actions": [ # Actions to execute at the completion of scanning.
{ # A task to execute when a data profile has been generated.
"exportData": { # If set, the detailed data profiles will be persisted to the location of your choice whenever updated. # Export data profiles into a provided location.
"profileTable": { # Message defining the location of a BigQuery table. A table is uniquely identified by its project_id, dataset_id, and table_name. Within a query a table is often referenced with a string in the format of: `:.` or `..`. # Store all table and column profiles in an existing table or a new table in an existing dataset. Each re-generation will result in new rows in BigQuery. Data is inserted using [streaming insert](https://cloud.google.com/blog/products/bigquery/life-of-a-bigquery-streaming-insert) and so data may be in the buffer for a period of time after the profile has finished. The Pub/Sub notification is sent before the streaming buffer is guaranteed to be written, so data may not be instantly visible to queries by the time your topic receives the Pub/Sub notification.
"datasetId": "A String", # Dataset ID of the table.
"projectId": "A String", # The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call.
"tableId": "A String", # Name of the table.
},
},
"pubSubNotification": { # Send a Pub/Sub message into the given Pub/Sub topic to connect other systems to data profile generation. The message payload data will be the byte serialization of `DataProfilePubSubMessage`. # Publish a message into the Pub/Sub topic.
"detailOfMessage": "A String", # How much data to include in the Pub/Sub message. If the user wishes to limit the size of the message, they can use resource_name and fetch the profile fields they wish to. Per table profile (not per column).
"event": "A String", # The type of event that triggers a Pub/Sub. At most one `PubSubNotification` per EventType is permitted.
"pubsubCondition": { # A condition for determining whether a Pub/Sub should be triggered. # Conditions (e.g., data risk or sensitivity level) for triggering a Pub/Sub.
"expressions": { # An expression, consisting of an operator and conditions. # An expression.
"conditions": [ # Conditions to apply to the expression.
{ # A condition consisting of a value.
"minimumRiskScore": "A String", # The minimum data risk score that triggers the condition.
"minimumSensitivityScore": "A String", # The minimum sensitivity level that triggers the condition.
},
],
"logicalOperator": "A String", # The operator to apply to the collection of conditions.
},
},
"topic": "A String", # Cloud Pub/Sub topic to send notifications to. Format is projects/{project}/topics/{topic}.
},
},
],
"createTime": "A String", # Output only. The creation timestamp of a DiscoveryConfig.
"displayName": "A String", # Display name (max 100 chars)
"errors": [ # Output only. A stream of errors encountered when the config was activated. Repeated errors may result in the config automatically being paused. Output only field. Will return the last 100 errors. Whenever the config is modified this list will be cleared.
{ # Details information about an error encountered during job execution or the results of an unsuccessful activation of the JobTrigger.
"details": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Detailed error codes and messages.
"code": 42, # The status code, which should be an enum value of google.rpc.Code.
"details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
{
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
],
"message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
},
"timestamps": [ # The times the error occurred. List includes the oldest timestamp and the last 9 timestamps.
"A String",
],
},
],
"inspectTemplates": [ # Detection logic for profile generation. Not all template features are used by Discovery. FindingLimits, include_quote and exclude_info_types have no impact on Discovery. Multiple templates may be provided if there is data in multiple regions. At most one template must be specified per-region (including "global"). Each region is scanned using the applicable template. If no region-specific template is specified, but a "global" template is specified, it will be copied to that region and used instead. If no global or region-specific template is provided for a region with data, that region's data will not be scanned. For more information, see https://cloud.google.com/sensitive-data-protection/docs/data-profiles#data-residency.
"A String",
],
"lastRunTime": "A String", # Output only. The timestamp of the last time this config was executed.
"name": "A String", # Unique resource name for the DiscoveryConfig, assigned by the service when the DiscoveryConfig is created, for example `projects/dlp-test-project/locations/global/discoveryConfigs/53234423`.
"orgConfig": { # Project and scan location information. Only set when the parent is an org. # Only set when the parent is an org.
"location": { # The location to begin a discovery scan. Denotes an organization ID or folder ID within an organization. # The data to scan: folder, org, or project
"folderId": "A String", # The ID of the Folder within an organization to scan.
"organizationId": "A String", # The ID of an organization to scan.
},
"projectId": "A String", # The project that will run the scan. The DLP service account that exists within this project must have access to all resources that are profiled, and the Cloud DLP API must be enabled.
},
"status": "A String", # Required. A status for this configuration.
"targets": [ # Target to match against for determining what to scan and how frequently.
{ # Target used to match against for Discovery.
"bigQueryTarget": { # Target used to match against for discovery with BigQuery tables # BigQuery target for Discovery. The first target to match a table will be the one applied.
"cadence": { # What must take place for a profile to be updated and how frequently it should occur. New tables are scanned as quickly as possible depending on system capacity. # How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity.
"schemaModifiedCadence": { # The cadence at which to update data profiles when a schema is modified. # Governs when to update data profiles when a schema is modified.
"frequency": "A String", # How frequently profiles may be updated when schemas are modified. Defaults to monthly.
"types": [ # The type of events to consider when deciding if the table's schema has been modified and should have the profile updated. Defaults to NEW_COLUMNS.
"A String",
],
},
"tableModifiedCadence": { # The cadence at which to update data profiles when a table is modified. # Governs when to update data profiles when a table is modified.
"frequency": "A String", # How frequently data profiles can be updated when tables are modified. Defaults to never.
"types": [ # The type of events to consider when deciding if the table has been modified and should have the profile updated. Defaults to MODIFIED_TIMESTAMP.
"A String",
],
},
},
"conditions": { # Requirements that must be true before a table is scanned in discovery for the first time. There is an AND relationship between the top-level attributes. Additionally, minimum conditions with an OR relationship that must be met before Cloud DLP scans a table can be set (like a minimum row count or a minimum table age). # In addition to matching the filter, these conditions must be true before a profile is generated.
"createdAfter": "A String", # BigQuery table must have been created after this date. Used to avoid backfilling.
"orConditions": { # There is an OR relationship between these attributes. They are used to determine if a table should be scanned or not in Discovery. # At least one of the conditions must be true for a table to be scanned.
"minAge": "A String", # Minimum age a table must have before Cloud DLP can profile it. Value must be 1 hour or greater.
"minRowCount": 42, # Minimum number of rows that should be present before Cloud DLP profiles a table
},
"typeCollection": "A String", # Restrict discovery to categories of table types.
"types": { # The types of BigQuery tables supported by Cloud DLP. # Restrict discovery to specific table types.
"types": [ # A set of BigQuery table types.
"A String",
],
},
},
"disabled": { # Do not profile the tables. # Tables that match this filter will not have profiles created.
},
"filter": { # Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, dataset ID, and table ID. # Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table.
"otherTables": { # Catch-all for all other tables not specified by other filters. Should always be last, except for single-table configurations, which will only have a TableReference target. # Catch-all. This should always be the last filter in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.
},
"tables": { # Specifies a collection of BigQuery tables. Used for Discovery. # A specific set of tables for this filter to apply to. A table collection must be specified in only one filter per config. If a table id or dataset is empty, Cloud DLP assumes all tables in that collection must be profiled. Must specify a project ID.
"includeRegexes": { # A collection of regular expressions to determine what tables to match against. # A collection of regular expressions to match a BigQuery table against.
"patterns": [ # A single BigQuery regular expression pattern to match against one or more tables, datasets, or projects that contain BigQuery tables.
{ # A pattern to match against one or more tables, datasets, or projects that contain BigQuery tables. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub.
"datasetIdRegex": "A String", # If unset, this property matches all datasets.
"projectIdRegex": "A String", # For organizations, if unset, will match all projects. Has no effect for data profile configurations created within a project.
"tableIdRegex": "A String", # If unset, this property matches all tables.
},
],
},
},
},
},
"cloudSqlTarget": { # Target used to match against for discovery with Cloud SQL tables. # Cloud SQL target for Discovery. The first target to match a table will be the one applied.
"conditions": { # Requirements that must be true before a table is profiled for the first time. # In addition to matching the filter, these conditions must be true before a profile is generated.
"databaseEngines": [ # Optional. Database engines that should be profiled. Optional. Defaults to ALL_SUPPORTED_DATABASE_ENGINES if unspecified.
"A String",
],
"types": [ # Data profiles will only be generated for the database resource types specified in this field. If not specified, defaults to [DATABASE_RESOURCE_TYPE_ALL_SUPPORTED_TYPES].
"A String",
],
},
"disabled": { # Do not profile the tables. # Disable profiling for database resources that match this filter.
},
"filter": { # Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, location, instance, database, and database resource name. # Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table.
"collection": { # Match database resources using regex filters. Examples of database resources are tables, views, and stored procedures. # A specific set of database resources for this filter to apply to.
"includeRegexes": { # A collection of regular expressions to determine what database resources to match against. # A collection of regular expressions to match a database resource against.
"patterns": [ # A group of regular expression patterns to match against one or more database resources. Maximum of 100 entries. The sum of all regular expression's length can't exceed 10 KiB.
{ # A pattern to match against one or more database resources. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub.
"databaseRegex": "A String", # Regex to test the database name against. If empty, all databases match.
"databaseResourceNameRegex": "A String", # Regex to test the database resource's name against. An example of a database resource name is a table's name. Other database resource names like view names could be included in the future. If empty, all database resources match.
"instanceRegex": "A String", # Regex to test the instance name against. If empty, all instances match.
"projectIdRegex": "A String", # For organizations, if unset, will match all projects. Has no effect for Data Profile configurations created within a project.
},
],
},
},
"databaseResourceReference": { # Identifies a single database resource, like a table within a database. # The database resource to scan. Targets including this can only include one target (the target with this database resource reference).
"instance": "A String", # Required. The instance where this resource is located. For example: Cloud SQL's instance id.
"projectId": "A String", # Required. If within a project-level config, then this must match the config's project id.
},
"others": { # Match database resources not covered by any other filter. # Catch-all. This should always be the last target in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.
},
},
"generationCadence": { # How often existing tables should have their profiles refreshed. New tables are scanned as quickly as possible depending on system capacity. # How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity.
"refreshFrequency": "A String", # Data changes (non-schema changes) in Cloud SQL tables can't trigger reprofiling. If you set this field, profiles are refreshed at this frequency regardless of whether the underlying tables have changes. Defaults to never.
"schemaModifiedCadence": { # How frequency to modify the profile when the table's schema is modified. # When to reprofile if the schema has changed.
"frequency": "A String", # Frequency to regenerate data profiles when the schema is modified. Defaults to monthly.
"types": [ # The types of schema modifications to consider. Defaults to NEW_COLUMNS.
"A String",
],
},
},
},
},
],
"updateTime": "A String", # Output only. The last update timestamp of a DiscoveryConfig.
}
delete(name, x__xgafv=None)
Deletes a discovery configuration.
Args:
name: string, Required. Resource name of the project and the config, for example `projects/dlp-test-project/discoveryConfigs/53234423`. (required)
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
}
get(name, x__xgafv=None)
Gets a discovery configuration.
Args:
name: string, Required. Resource name of the project and the configuration, for example `projects/dlp-test-project/discoveryConfigs/53234423`. (required)
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Configuration for discovery to scan resources for profile generation. Only one discovery configuration may exist per organization, folder, or project. The generated data profiles are retained according to the [data retention policy] (https://cloud.google.com/sensitive-data-protection/docs/data-profiles#retention).
"actions": [ # Actions to execute at the completion of scanning.
{ # A task to execute when a data profile has been generated.
"exportData": { # If set, the detailed data profiles will be persisted to the location of your choice whenever updated. # Export data profiles into a provided location.
"profileTable": { # Message defining the location of a BigQuery table. A table is uniquely identified by its project_id, dataset_id, and table_name. Within a query a table is often referenced with a string in the format of: `:.` or `..`. # Store all table and column profiles in an existing table or a new table in an existing dataset. Each re-generation will result in new rows in BigQuery. Data is inserted using [streaming insert](https://cloud.google.com/blog/products/bigquery/life-of-a-bigquery-streaming-insert) and so data may be in the buffer for a period of time after the profile has finished. The Pub/Sub notification is sent before the streaming buffer is guaranteed to be written, so data may not be instantly visible to queries by the time your topic receives the Pub/Sub notification.
"datasetId": "A String", # Dataset ID of the table.
"projectId": "A String", # The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call.
"tableId": "A String", # Name of the table.
},
},
"pubSubNotification": { # Send a Pub/Sub message into the given Pub/Sub topic to connect other systems to data profile generation. The message payload data will be the byte serialization of `DataProfilePubSubMessage`. # Publish a message into the Pub/Sub topic.
"detailOfMessage": "A String", # How much data to include in the Pub/Sub message. If the user wishes to limit the size of the message, they can use resource_name and fetch the profile fields they wish to. Per table profile (not per column).
"event": "A String", # The type of event that triggers a Pub/Sub. At most one `PubSubNotification` per EventType is permitted.
"pubsubCondition": { # A condition for determining whether a Pub/Sub should be triggered. # Conditions (e.g., data risk or sensitivity level) for triggering a Pub/Sub.
"expressions": { # An expression, consisting of an operator and conditions. # An expression.
"conditions": [ # Conditions to apply to the expression.
{ # A condition consisting of a value.
"minimumRiskScore": "A String", # The minimum data risk score that triggers the condition.
"minimumSensitivityScore": "A String", # The minimum sensitivity level that triggers the condition.
},
],
"logicalOperator": "A String", # The operator to apply to the collection of conditions.
},
},
"topic": "A String", # Cloud Pub/Sub topic to send notifications to. Format is projects/{project}/topics/{topic}.
},
},
],
"createTime": "A String", # Output only. The creation timestamp of a DiscoveryConfig.
"displayName": "A String", # Display name (max 100 chars)
"errors": [ # Output only. A stream of errors encountered when the config was activated. Repeated errors may result in the config automatically being paused. Output only field. Will return the last 100 errors. Whenever the config is modified this list will be cleared.
{ # Details information about an error encountered during job execution or the results of an unsuccessful activation of the JobTrigger.
"details": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Detailed error codes and messages.
"code": 42, # The status code, which should be an enum value of google.rpc.Code.
"details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
{
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
],
"message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
},
"timestamps": [ # The times the error occurred. List includes the oldest timestamp and the last 9 timestamps.
"A String",
],
},
],
"inspectTemplates": [ # Detection logic for profile generation. Not all template features are used by Discovery. FindingLimits, include_quote and exclude_info_types have no impact on Discovery. Multiple templates may be provided if there is data in multiple regions. At most one template must be specified per-region (including "global"). Each region is scanned using the applicable template. If no region-specific template is specified, but a "global" template is specified, it will be copied to that region and used instead. If no global or region-specific template is provided for a region with data, that region's data will not be scanned. For more information, see https://cloud.google.com/sensitive-data-protection/docs/data-profiles#data-residency.
"A String",
],
"lastRunTime": "A String", # Output only. The timestamp of the last time this config was executed.
"name": "A String", # Unique resource name for the DiscoveryConfig, assigned by the service when the DiscoveryConfig is created, for example `projects/dlp-test-project/locations/global/discoveryConfigs/53234423`.
"orgConfig": { # Project and scan location information. Only set when the parent is an org. # Only set when the parent is an org.
"location": { # The location to begin a discovery scan. Denotes an organization ID or folder ID within an organization. # The data to scan: folder, org, or project
"folderId": "A String", # The ID of the Folder within an organization to scan.
"organizationId": "A String", # The ID of an organization to scan.
},
"projectId": "A String", # The project that will run the scan. The DLP service account that exists within this project must have access to all resources that are profiled, and the Cloud DLP API must be enabled.
},
"status": "A String", # Required. A status for this configuration.
"targets": [ # Target to match against for determining what to scan and how frequently.
{ # Target used to match against for Discovery.
"bigQueryTarget": { # Target used to match against for discovery with BigQuery tables # BigQuery target for Discovery. The first target to match a table will be the one applied.
"cadence": { # What must take place for a profile to be updated and how frequently it should occur. New tables are scanned as quickly as possible depending on system capacity. # How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity.
"schemaModifiedCadence": { # The cadence at which to update data profiles when a schema is modified. # Governs when to update data profiles when a schema is modified.
"frequency": "A String", # How frequently profiles may be updated when schemas are modified. Defaults to monthly.
"types": [ # The type of events to consider when deciding if the table's schema has been modified and should have the profile updated. Defaults to NEW_COLUMNS.
"A String",
],
},
"tableModifiedCadence": { # The cadence at which to update data profiles when a table is modified. # Governs when to update data profiles when a table is modified.
"frequency": "A String", # How frequently data profiles can be updated when tables are modified. Defaults to never.
"types": [ # The type of events to consider when deciding if the table has been modified and should have the profile updated. Defaults to MODIFIED_TIMESTAMP.
"A String",
],
},
},
"conditions": { # Requirements that must be true before a table is scanned in discovery for the first time. There is an AND relationship between the top-level attributes. Additionally, minimum conditions with an OR relationship that must be met before Cloud DLP scans a table can be set (like a minimum row count or a minimum table age). # In addition to matching the filter, these conditions must be true before a profile is generated.
"createdAfter": "A String", # BigQuery table must have been created after this date. Used to avoid backfilling.
"orConditions": { # There is an OR relationship between these attributes. They are used to determine if a table should be scanned or not in Discovery. # At least one of the conditions must be true for a table to be scanned.
"minAge": "A String", # Minimum age a table must have before Cloud DLP can profile it. Value must be 1 hour or greater.
"minRowCount": 42, # Minimum number of rows that should be present before Cloud DLP profiles a table
},
"typeCollection": "A String", # Restrict discovery to categories of table types.
"types": { # The types of BigQuery tables supported by Cloud DLP. # Restrict discovery to specific table types.
"types": [ # A set of BigQuery table types.
"A String",
],
},
},
"disabled": { # Do not profile the tables. # Tables that match this filter will not have profiles created.
},
"filter": { # Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, dataset ID, and table ID. # Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table.
"otherTables": { # Catch-all for all other tables not specified by other filters. Should always be last, except for single-table configurations, which will only have a TableReference target. # Catch-all. This should always be the last filter in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.
},
"tables": { # Specifies a collection of BigQuery tables. Used for Discovery. # A specific set of tables for this filter to apply to. A table collection must be specified in only one filter per config. If a table id or dataset is empty, Cloud DLP assumes all tables in that collection must be profiled. Must specify a project ID.
"includeRegexes": { # A collection of regular expressions to determine what tables to match against. # A collection of regular expressions to match a BigQuery table against.
"patterns": [ # A single BigQuery regular expression pattern to match against one or more tables, datasets, or projects that contain BigQuery tables.
{ # A pattern to match against one or more tables, datasets, or projects that contain BigQuery tables. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub.
"datasetIdRegex": "A String", # If unset, this property matches all datasets.
"projectIdRegex": "A String", # For organizations, if unset, will match all projects. Has no effect for data profile configurations created within a project.
"tableIdRegex": "A String", # If unset, this property matches all tables.
},
],
},
},
},
},
"cloudSqlTarget": { # Target used to match against for discovery with Cloud SQL tables. # Cloud SQL target for Discovery. The first target to match a table will be the one applied.
"conditions": { # Requirements that must be true before a table is profiled for the first time. # In addition to matching the filter, these conditions must be true before a profile is generated.
"databaseEngines": [ # Optional. Database engines that should be profiled. Optional. Defaults to ALL_SUPPORTED_DATABASE_ENGINES if unspecified.
"A String",
],
"types": [ # Data profiles will only be generated for the database resource types specified in this field. If not specified, defaults to [DATABASE_RESOURCE_TYPE_ALL_SUPPORTED_TYPES].
"A String",
],
},
"disabled": { # Do not profile the tables. # Disable profiling for database resources that match this filter.
},
"filter": { # Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, location, instance, database, and database resource name. # Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table.
"collection": { # Match database resources using regex filters. Examples of database resources are tables, views, and stored procedures. # A specific set of database resources for this filter to apply to.
"includeRegexes": { # A collection of regular expressions to determine what database resources to match against. # A collection of regular expressions to match a database resource against.
"patterns": [ # A group of regular expression patterns to match against one or more database resources. Maximum of 100 entries. The sum of all regular expression's length can't exceed 10 KiB.
{ # A pattern to match against one or more database resources. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub.
"databaseRegex": "A String", # Regex to test the database name against. If empty, all databases match.
"databaseResourceNameRegex": "A String", # Regex to test the database resource's name against. An example of a database resource name is a table's name. Other database resource names like view names could be included in the future. If empty, all database resources match.
"instanceRegex": "A String", # Regex to test the instance name against. If empty, all instances match.
"projectIdRegex": "A String", # For organizations, if unset, will match all projects. Has no effect for Data Profile configurations created within a project.
},
],
},
},
"databaseResourceReference": { # Identifies a single database resource, like a table within a database. # The database resource to scan. Targets including this can only include one target (the target with this database resource reference).
"instance": "A String", # Required. The instance where this resource is located. For example: Cloud SQL's instance id.
"projectId": "A String", # Required. If within a project-level config, then this must match the config's project id.
},
"others": { # Match database resources not covered by any other filter. # Catch-all. This should always be the last target in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.
},
},
"generationCadence": { # How often existing tables should have their profiles refreshed. New tables are scanned as quickly as possible depending on system capacity. # How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity.
"refreshFrequency": "A String", # Data changes (non-schema changes) in Cloud SQL tables can't trigger reprofiling. If you set this field, profiles are refreshed at this frequency regardless of whether the underlying tables have changes. Defaults to never.
"schemaModifiedCadence": { # How frequency to modify the profile when the table's schema is modified. # When to reprofile if the schema has changed.
"frequency": "A String", # Frequency to regenerate data profiles when the schema is modified. Defaults to monthly.
"types": [ # The types of schema modifications to consider. Defaults to NEW_COLUMNS.
"A String",
],
},
},
},
},
],
"updateTime": "A String", # Output only. The last update timestamp of a DiscoveryConfig.
}
list(parent, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None)
Lists discovery configurations.
Args:
parent: string, Required. Parent resource name. The format of this value is as follows: `projects/`PROJECT_ID`/locations/`LOCATION_ID The following example `parent` string specifies a parent project with the identifier `example-project`, and specifies the `europe-west3` location for processing data: parent=projects/example-project/locations/europe-west3 (required)
orderBy: string, Comma separated list of config fields to order by, followed by `asc` or `desc` postfix. This list is case insensitive. The default sorting order is ascending. Redundant space characters are insignificant. Example: `name asc,update_time, create_time desc` Supported fields are: - `last_run_time`: corresponds to the last time the DiscoveryConfig ran. - `name`: corresponds to the DiscoveryConfig's name. - `status`: corresponds to DiscoveryConfig's status.
pageSize: integer, Size of the page. This value can be limited by a server.
pageToken: string, Page token to continue retrieval. Comes from the previous call to ListDiscoveryConfigs. `order_by` field must not change for subsequent calls.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response message for ListDiscoveryConfigs.
"discoveryConfigs": [ # List of configs, up to page_size in ListDiscoveryConfigsRequest.
{ # Configuration for discovery to scan resources for profile generation. Only one discovery configuration may exist per organization, folder, or project. The generated data profiles are retained according to the [data retention policy] (https://cloud.google.com/sensitive-data-protection/docs/data-profiles#retention).
"actions": [ # Actions to execute at the completion of scanning.
{ # A task to execute when a data profile has been generated.
"exportData": { # If set, the detailed data profiles will be persisted to the location of your choice whenever updated. # Export data profiles into a provided location.
"profileTable": { # Message defining the location of a BigQuery table. A table is uniquely identified by its project_id, dataset_id, and table_name. Within a query a table is often referenced with a string in the format of: `:.` or `..`. # Store all table and column profiles in an existing table or a new table in an existing dataset. Each re-generation will result in new rows in BigQuery. Data is inserted using [streaming insert](https://cloud.google.com/blog/products/bigquery/life-of-a-bigquery-streaming-insert) and so data may be in the buffer for a period of time after the profile has finished. The Pub/Sub notification is sent before the streaming buffer is guaranteed to be written, so data may not be instantly visible to queries by the time your topic receives the Pub/Sub notification.
"datasetId": "A String", # Dataset ID of the table.
"projectId": "A String", # The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call.
"tableId": "A String", # Name of the table.
},
},
"pubSubNotification": { # Send a Pub/Sub message into the given Pub/Sub topic to connect other systems to data profile generation. The message payload data will be the byte serialization of `DataProfilePubSubMessage`. # Publish a message into the Pub/Sub topic.
"detailOfMessage": "A String", # How much data to include in the Pub/Sub message. If the user wishes to limit the size of the message, they can use resource_name and fetch the profile fields they wish to. Per table profile (not per column).
"event": "A String", # The type of event that triggers a Pub/Sub. At most one `PubSubNotification` per EventType is permitted.
"pubsubCondition": { # A condition for determining whether a Pub/Sub should be triggered. # Conditions (e.g., data risk or sensitivity level) for triggering a Pub/Sub.
"expressions": { # An expression, consisting of an operator and conditions. # An expression.
"conditions": [ # Conditions to apply to the expression.
{ # A condition consisting of a value.
"minimumRiskScore": "A String", # The minimum data risk score that triggers the condition.
"minimumSensitivityScore": "A String", # The minimum sensitivity level that triggers the condition.
},
],
"logicalOperator": "A String", # The operator to apply to the collection of conditions.
},
},
"topic": "A String", # Cloud Pub/Sub topic to send notifications to. Format is projects/{project}/topics/{topic}.
},
},
],
"createTime": "A String", # Output only. The creation timestamp of a DiscoveryConfig.
"displayName": "A String", # Display name (max 100 chars)
"errors": [ # Output only. A stream of errors encountered when the config was activated. Repeated errors may result in the config automatically being paused. Output only field. Will return the last 100 errors. Whenever the config is modified this list will be cleared.
{ # Details information about an error encountered during job execution or the results of an unsuccessful activation of the JobTrigger.
"details": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Detailed error codes and messages.
"code": 42, # The status code, which should be an enum value of google.rpc.Code.
"details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
{
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
],
"message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
},
"timestamps": [ # The times the error occurred. List includes the oldest timestamp and the last 9 timestamps.
"A String",
],
},
],
"inspectTemplates": [ # Detection logic for profile generation. Not all template features are used by Discovery. FindingLimits, include_quote and exclude_info_types have no impact on Discovery. Multiple templates may be provided if there is data in multiple regions. At most one template must be specified per-region (including "global"). Each region is scanned using the applicable template. If no region-specific template is specified, but a "global" template is specified, it will be copied to that region and used instead. If no global or region-specific template is provided for a region with data, that region's data will not be scanned. For more information, see https://cloud.google.com/sensitive-data-protection/docs/data-profiles#data-residency.
"A String",
],
"lastRunTime": "A String", # Output only. The timestamp of the last time this config was executed.
"name": "A String", # Unique resource name for the DiscoveryConfig, assigned by the service when the DiscoveryConfig is created, for example `projects/dlp-test-project/locations/global/discoveryConfigs/53234423`.
"orgConfig": { # Project and scan location information. Only set when the parent is an org. # Only set when the parent is an org.
"location": { # The location to begin a discovery scan. Denotes an organization ID or folder ID within an organization. # The data to scan: folder, org, or project
"folderId": "A String", # The ID of the Folder within an organization to scan.
"organizationId": "A String", # The ID of an organization to scan.
},
"projectId": "A String", # The project that will run the scan. The DLP service account that exists within this project must have access to all resources that are profiled, and the Cloud DLP API must be enabled.
},
"status": "A String", # Required. A status for this configuration.
"targets": [ # Target to match against for determining what to scan and how frequently.
{ # Target used to match against for Discovery.
"bigQueryTarget": { # Target used to match against for discovery with BigQuery tables # BigQuery target for Discovery. The first target to match a table will be the one applied.
"cadence": { # What must take place for a profile to be updated and how frequently it should occur. New tables are scanned as quickly as possible depending on system capacity. # How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity.
"schemaModifiedCadence": { # The cadence at which to update data profiles when a schema is modified. # Governs when to update data profiles when a schema is modified.
"frequency": "A String", # How frequently profiles may be updated when schemas are modified. Defaults to monthly.
"types": [ # The type of events to consider when deciding if the table's schema has been modified and should have the profile updated. Defaults to NEW_COLUMNS.
"A String",
],
},
"tableModifiedCadence": { # The cadence at which to update data profiles when a table is modified. # Governs when to update data profiles when a table is modified.
"frequency": "A String", # How frequently data profiles can be updated when tables are modified. Defaults to never.
"types": [ # The type of events to consider when deciding if the table has been modified and should have the profile updated. Defaults to MODIFIED_TIMESTAMP.
"A String",
],
},
},
"conditions": { # Requirements that must be true before a table is scanned in discovery for the first time. There is an AND relationship between the top-level attributes. Additionally, minimum conditions with an OR relationship that must be met before Cloud DLP scans a table can be set (like a minimum row count or a minimum table age). # In addition to matching the filter, these conditions must be true before a profile is generated.
"createdAfter": "A String", # BigQuery table must have been created after this date. Used to avoid backfilling.
"orConditions": { # There is an OR relationship between these attributes. They are used to determine if a table should be scanned or not in Discovery. # At least one of the conditions must be true for a table to be scanned.
"minAge": "A String", # Minimum age a table must have before Cloud DLP can profile it. Value must be 1 hour or greater.
"minRowCount": 42, # Minimum number of rows that should be present before Cloud DLP profiles a table
},
"typeCollection": "A String", # Restrict discovery to categories of table types.
"types": { # The types of BigQuery tables supported by Cloud DLP. # Restrict discovery to specific table types.
"types": [ # A set of BigQuery table types.
"A String",
],
},
},
"disabled": { # Do not profile the tables. # Tables that match this filter will not have profiles created.
},
"filter": { # Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, dataset ID, and table ID. # Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table.
"otherTables": { # Catch-all for all other tables not specified by other filters. Should always be last, except for single-table configurations, which will only have a TableReference target. # Catch-all. This should always be the last filter in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.
},
"tables": { # Specifies a collection of BigQuery tables. Used for Discovery. # A specific set of tables for this filter to apply to. A table collection must be specified in only one filter per config. If a table id or dataset is empty, Cloud DLP assumes all tables in that collection must be profiled. Must specify a project ID.
"includeRegexes": { # A collection of regular expressions to determine what tables to match against. # A collection of regular expressions to match a BigQuery table against.
"patterns": [ # A single BigQuery regular expression pattern to match against one or more tables, datasets, or projects that contain BigQuery tables.
{ # A pattern to match against one or more tables, datasets, or projects that contain BigQuery tables. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub.
"datasetIdRegex": "A String", # If unset, this property matches all datasets.
"projectIdRegex": "A String", # For organizations, if unset, will match all projects. Has no effect for data profile configurations created within a project.
"tableIdRegex": "A String", # If unset, this property matches all tables.
},
],
},
},
},
},
"cloudSqlTarget": { # Target used to match against for discovery with Cloud SQL tables. # Cloud SQL target for Discovery. The first target to match a table will be the one applied.
"conditions": { # Requirements that must be true before a table is profiled for the first time. # In addition to matching the filter, these conditions must be true before a profile is generated.
"databaseEngines": [ # Optional. Database engines that should be profiled. Optional. Defaults to ALL_SUPPORTED_DATABASE_ENGINES if unspecified.
"A String",
],
"types": [ # Data profiles will only be generated for the database resource types specified in this field. If not specified, defaults to [DATABASE_RESOURCE_TYPE_ALL_SUPPORTED_TYPES].
"A String",
],
},
"disabled": { # Do not profile the tables. # Disable profiling for database resources that match this filter.
},
"filter": { # Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, location, instance, database, and database resource name. # Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table.
"collection": { # Match database resources using regex filters. Examples of database resources are tables, views, and stored procedures. # A specific set of database resources for this filter to apply to.
"includeRegexes": { # A collection of regular expressions to determine what database resources to match against. # A collection of regular expressions to match a database resource against.
"patterns": [ # A group of regular expression patterns to match against one or more database resources. Maximum of 100 entries. The sum of all regular expression's length can't exceed 10 KiB.
{ # A pattern to match against one or more database resources. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub.
"databaseRegex": "A String", # Regex to test the database name against. If empty, all databases match.
"databaseResourceNameRegex": "A String", # Regex to test the database resource's name against. An example of a database resource name is a table's name. Other database resource names like view names could be included in the future. If empty, all database resources match.
"instanceRegex": "A String", # Regex to test the instance name against. If empty, all instances match.
"projectIdRegex": "A String", # For organizations, if unset, will match all projects. Has no effect for Data Profile configurations created within a project.
},
],
},
},
"databaseResourceReference": { # Identifies a single database resource, like a table within a database. # The database resource to scan. Targets including this can only include one target (the target with this database resource reference).
"instance": "A String", # Required. The instance where this resource is located. For example: Cloud SQL's instance id.
"projectId": "A String", # Required. If within a project-level config, then this must match the config's project id.
},
"others": { # Match database resources not covered by any other filter. # Catch-all. This should always be the last target in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.
},
},
"generationCadence": { # How often existing tables should have their profiles refreshed. New tables are scanned as quickly as possible depending on system capacity. # How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity.
"refreshFrequency": "A String", # Data changes (non-schema changes) in Cloud SQL tables can't trigger reprofiling. If you set this field, profiles are refreshed at this frequency regardless of whether the underlying tables have changes. Defaults to never.
"schemaModifiedCadence": { # How frequency to modify the profile when the table's schema is modified. # When to reprofile if the schema has changed.
"frequency": "A String", # Frequency to regenerate data profiles when the schema is modified. Defaults to monthly.
"types": [ # The types of schema modifications to consider. Defaults to NEW_COLUMNS.
"A String",
],
},
},
},
},
],
"updateTime": "A String", # Output only. The last update timestamp of a DiscoveryConfig.
},
],
"nextPageToken": "A String", # If the next page is available then this value is the next page token to be used in the following ListDiscoveryConfigs request.
}
list_next()
Retrieves the next page of results.
Args:
previous_request: The request for the previous page. (required)
previous_response: The response from the request for the previous page. (required)
Returns:
A request object that you can call 'execute()' on to request the next
page. Returns None if there are no more items in the collection.
patch(name, body=None, x__xgafv=None)
Updates a discovery configuration.
Args:
name: string, Required. Resource name of the project and the configuration, for example `projects/dlp-test-project/discoveryConfigs/53234423`. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for UpdateDiscoveryConfig.
"discoveryConfig": { # Configuration for discovery to scan resources for profile generation. Only one discovery configuration may exist per organization, folder, or project. The generated data profiles are retained according to the [data retention policy] (https://cloud.google.com/sensitive-data-protection/docs/data-profiles#retention). # Required. New DiscoveryConfig value.
"actions": [ # Actions to execute at the completion of scanning.
{ # A task to execute when a data profile has been generated.
"exportData": { # If set, the detailed data profiles will be persisted to the location of your choice whenever updated. # Export data profiles into a provided location.
"profileTable": { # Message defining the location of a BigQuery table. A table is uniquely identified by its project_id, dataset_id, and table_name. Within a query a table is often referenced with a string in the format of: `:.` or `..`. # Store all table and column profiles in an existing table or a new table in an existing dataset. Each re-generation will result in new rows in BigQuery. Data is inserted using [streaming insert](https://cloud.google.com/blog/products/bigquery/life-of-a-bigquery-streaming-insert) and so data may be in the buffer for a period of time after the profile has finished. The Pub/Sub notification is sent before the streaming buffer is guaranteed to be written, so data may not be instantly visible to queries by the time your topic receives the Pub/Sub notification.
"datasetId": "A String", # Dataset ID of the table.
"projectId": "A String", # The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call.
"tableId": "A String", # Name of the table.
},
},
"pubSubNotification": { # Send a Pub/Sub message into the given Pub/Sub topic to connect other systems to data profile generation. The message payload data will be the byte serialization of `DataProfilePubSubMessage`. # Publish a message into the Pub/Sub topic.
"detailOfMessage": "A String", # How much data to include in the Pub/Sub message. If the user wishes to limit the size of the message, they can use resource_name and fetch the profile fields they wish to. Per table profile (not per column).
"event": "A String", # The type of event that triggers a Pub/Sub. At most one `PubSubNotification` per EventType is permitted.
"pubsubCondition": { # A condition for determining whether a Pub/Sub should be triggered. # Conditions (e.g., data risk or sensitivity level) for triggering a Pub/Sub.
"expressions": { # An expression, consisting of an operator and conditions. # An expression.
"conditions": [ # Conditions to apply to the expression.
{ # A condition consisting of a value.
"minimumRiskScore": "A String", # The minimum data risk score that triggers the condition.
"minimumSensitivityScore": "A String", # The minimum sensitivity level that triggers the condition.
},
],
"logicalOperator": "A String", # The operator to apply to the collection of conditions.
},
},
"topic": "A String", # Cloud Pub/Sub topic to send notifications to. Format is projects/{project}/topics/{topic}.
},
},
],
"createTime": "A String", # Output only. The creation timestamp of a DiscoveryConfig.
"displayName": "A String", # Display name (max 100 chars)
"errors": [ # Output only. A stream of errors encountered when the config was activated. Repeated errors may result in the config automatically being paused. Output only field. Will return the last 100 errors. Whenever the config is modified this list will be cleared.
{ # Details information about an error encountered during job execution or the results of an unsuccessful activation of the JobTrigger.
"details": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Detailed error codes and messages.
"code": 42, # The status code, which should be an enum value of google.rpc.Code.
"details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
{
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
],
"message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
},
"timestamps": [ # The times the error occurred. List includes the oldest timestamp and the last 9 timestamps.
"A String",
],
},
],
"inspectTemplates": [ # Detection logic for profile generation. Not all template features are used by Discovery. FindingLimits, include_quote and exclude_info_types have no impact on Discovery. Multiple templates may be provided if there is data in multiple regions. At most one template must be specified per-region (including "global"). Each region is scanned using the applicable template. If no region-specific template is specified, but a "global" template is specified, it will be copied to that region and used instead. If no global or region-specific template is provided for a region with data, that region's data will not be scanned. For more information, see https://cloud.google.com/sensitive-data-protection/docs/data-profiles#data-residency.
"A String",
],
"lastRunTime": "A String", # Output only. The timestamp of the last time this config was executed.
"name": "A String", # Unique resource name for the DiscoveryConfig, assigned by the service when the DiscoveryConfig is created, for example `projects/dlp-test-project/locations/global/discoveryConfigs/53234423`.
"orgConfig": { # Project and scan location information. Only set when the parent is an org. # Only set when the parent is an org.
"location": { # The location to begin a discovery scan. Denotes an organization ID or folder ID within an organization. # The data to scan: folder, org, or project
"folderId": "A String", # The ID of the Folder within an organization to scan.
"organizationId": "A String", # The ID of an organization to scan.
},
"projectId": "A String", # The project that will run the scan. The DLP service account that exists within this project must have access to all resources that are profiled, and the Cloud DLP API must be enabled.
},
"status": "A String", # Required. A status for this configuration.
"targets": [ # Target to match against for determining what to scan and how frequently.
{ # Target used to match against for Discovery.
"bigQueryTarget": { # Target used to match against for discovery with BigQuery tables # BigQuery target for Discovery. The first target to match a table will be the one applied.
"cadence": { # What must take place for a profile to be updated and how frequently it should occur. New tables are scanned as quickly as possible depending on system capacity. # How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity.
"schemaModifiedCadence": { # The cadence at which to update data profiles when a schema is modified. # Governs when to update data profiles when a schema is modified.
"frequency": "A String", # How frequently profiles may be updated when schemas are modified. Defaults to monthly.
"types": [ # The type of events to consider when deciding if the table's schema has been modified and should have the profile updated. Defaults to NEW_COLUMNS.
"A String",
],
},
"tableModifiedCadence": { # The cadence at which to update data profiles when a table is modified. # Governs when to update data profiles when a table is modified.
"frequency": "A String", # How frequently data profiles can be updated when tables are modified. Defaults to never.
"types": [ # The type of events to consider when deciding if the table has been modified and should have the profile updated. Defaults to MODIFIED_TIMESTAMP.
"A String",
],
},
},
"conditions": { # Requirements that must be true before a table is scanned in discovery for the first time. There is an AND relationship between the top-level attributes. Additionally, minimum conditions with an OR relationship that must be met before Cloud DLP scans a table can be set (like a minimum row count or a minimum table age). # In addition to matching the filter, these conditions must be true before a profile is generated.
"createdAfter": "A String", # BigQuery table must have been created after this date. Used to avoid backfilling.
"orConditions": { # There is an OR relationship between these attributes. They are used to determine if a table should be scanned or not in Discovery. # At least one of the conditions must be true for a table to be scanned.
"minAge": "A String", # Minimum age a table must have before Cloud DLP can profile it. Value must be 1 hour or greater.
"minRowCount": 42, # Minimum number of rows that should be present before Cloud DLP profiles a table
},
"typeCollection": "A String", # Restrict discovery to categories of table types.
"types": { # The types of BigQuery tables supported by Cloud DLP. # Restrict discovery to specific table types.
"types": [ # A set of BigQuery table types.
"A String",
],
},
},
"disabled": { # Do not profile the tables. # Tables that match this filter will not have profiles created.
},
"filter": { # Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, dataset ID, and table ID. # Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table.
"otherTables": { # Catch-all for all other tables not specified by other filters. Should always be last, except for single-table configurations, which will only have a TableReference target. # Catch-all. This should always be the last filter in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.
},
"tables": { # Specifies a collection of BigQuery tables. Used for Discovery. # A specific set of tables for this filter to apply to. A table collection must be specified in only one filter per config. If a table id or dataset is empty, Cloud DLP assumes all tables in that collection must be profiled. Must specify a project ID.
"includeRegexes": { # A collection of regular expressions to determine what tables to match against. # A collection of regular expressions to match a BigQuery table against.
"patterns": [ # A single BigQuery regular expression pattern to match against one or more tables, datasets, or projects that contain BigQuery tables.
{ # A pattern to match against one or more tables, datasets, or projects that contain BigQuery tables. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub.
"datasetIdRegex": "A String", # If unset, this property matches all datasets.
"projectIdRegex": "A String", # For organizations, if unset, will match all projects. Has no effect for data profile configurations created within a project.
"tableIdRegex": "A String", # If unset, this property matches all tables.
},
],
},
},
},
},
"cloudSqlTarget": { # Target used to match against for discovery with Cloud SQL tables. # Cloud SQL target for Discovery. The first target to match a table will be the one applied.
"conditions": { # Requirements that must be true before a table is profiled for the first time. # In addition to matching the filter, these conditions must be true before a profile is generated.
"databaseEngines": [ # Optional. Database engines that should be profiled. Optional. Defaults to ALL_SUPPORTED_DATABASE_ENGINES if unspecified.
"A String",
],
"types": [ # Data profiles will only be generated for the database resource types specified in this field. If not specified, defaults to [DATABASE_RESOURCE_TYPE_ALL_SUPPORTED_TYPES].
"A String",
],
},
"disabled": { # Do not profile the tables. # Disable profiling for database resources that match this filter.
},
"filter": { # Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, location, instance, database, and database resource name. # Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table.
"collection": { # Match database resources using regex filters. Examples of database resources are tables, views, and stored procedures. # A specific set of database resources for this filter to apply to.
"includeRegexes": { # A collection of regular expressions to determine what database resources to match against. # A collection of regular expressions to match a database resource against.
"patterns": [ # A group of regular expression patterns to match against one or more database resources. Maximum of 100 entries. The sum of all regular expression's length can't exceed 10 KiB.
{ # A pattern to match against one or more database resources. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub.
"databaseRegex": "A String", # Regex to test the database name against. If empty, all databases match.
"databaseResourceNameRegex": "A String", # Regex to test the database resource's name against. An example of a database resource name is a table's name. Other database resource names like view names could be included in the future. If empty, all database resources match.
"instanceRegex": "A String", # Regex to test the instance name against. If empty, all instances match.
"projectIdRegex": "A String", # For organizations, if unset, will match all projects. Has no effect for Data Profile configurations created within a project.
},
],
},
},
"databaseResourceReference": { # Identifies a single database resource, like a table within a database. # The database resource to scan. Targets including this can only include one target (the target with this database resource reference).
"instance": "A String", # Required. The instance where this resource is located. For example: Cloud SQL's instance id.
"projectId": "A String", # Required. If within a project-level config, then this must match the config's project id.
},
"others": { # Match database resources not covered by any other filter. # Catch-all. This should always be the last target in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.
},
},
"generationCadence": { # How often existing tables should have their profiles refreshed. New tables are scanned as quickly as possible depending on system capacity. # How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity.
"refreshFrequency": "A String", # Data changes (non-schema changes) in Cloud SQL tables can't trigger reprofiling. If you set this field, profiles are refreshed at this frequency regardless of whether the underlying tables have changes. Defaults to never.
"schemaModifiedCadence": { # How frequency to modify the profile when the table's schema is modified. # When to reprofile if the schema has changed.
"frequency": "A String", # Frequency to regenerate data profiles when the schema is modified. Defaults to monthly.
"types": [ # The types of schema modifications to consider. Defaults to NEW_COLUMNS.
"A String",
],
},
},
},
},
],
"updateTime": "A String", # Output only. The last update timestamp of a DiscoveryConfig.
},
"updateMask": "A String", # Mask to control which fields get updated.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Configuration for discovery to scan resources for profile generation. Only one discovery configuration may exist per organization, folder, or project. The generated data profiles are retained according to the [data retention policy] (https://cloud.google.com/sensitive-data-protection/docs/data-profiles#retention).
"actions": [ # Actions to execute at the completion of scanning.
{ # A task to execute when a data profile has been generated.
"exportData": { # If set, the detailed data profiles will be persisted to the location of your choice whenever updated. # Export data profiles into a provided location.
"profileTable": { # Message defining the location of a BigQuery table. A table is uniquely identified by its project_id, dataset_id, and table_name. Within a query a table is often referenced with a string in the format of: `:.` or `..`. # Store all table and column profiles in an existing table or a new table in an existing dataset. Each re-generation will result in new rows in BigQuery. Data is inserted using [streaming insert](https://cloud.google.com/blog/products/bigquery/life-of-a-bigquery-streaming-insert) and so data may be in the buffer for a period of time after the profile has finished. The Pub/Sub notification is sent before the streaming buffer is guaranteed to be written, so data may not be instantly visible to queries by the time your topic receives the Pub/Sub notification.
"datasetId": "A String", # Dataset ID of the table.
"projectId": "A String", # The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call.
"tableId": "A String", # Name of the table.
},
},
"pubSubNotification": { # Send a Pub/Sub message into the given Pub/Sub topic to connect other systems to data profile generation. The message payload data will be the byte serialization of `DataProfilePubSubMessage`. # Publish a message into the Pub/Sub topic.
"detailOfMessage": "A String", # How much data to include in the Pub/Sub message. If the user wishes to limit the size of the message, they can use resource_name and fetch the profile fields they wish to. Per table profile (not per column).
"event": "A String", # The type of event that triggers a Pub/Sub. At most one `PubSubNotification` per EventType is permitted.
"pubsubCondition": { # A condition for determining whether a Pub/Sub should be triggered. # Conditions (e.g., data risk or sensitivity level) for triggering a Pub/Sub.
"expressions": { # An expression, consisting of an operator and conditions. # An expression.
"conditions": [ # Conditions to apply to the expression.
{ # A condition consisting of a value.
"minimumRiskScore": "A String", # The minimum data risk score that triggers the condition.
"minimumSensitivityScore": "A String", # The minimum sensitivity level that triggers the condition.
},
],
"logicalOperator": "A String", # The operator to apply to the collection of conditions.
},
},
"topic": "A String", # Cloud Pub/Sub topic to send notifications to. Format is projects/{project}/topics/{topic}.
},
},
],
"createTime": "A String", # Output only. The creation timestamp of a DiscoveryConfig.
"displayName": "A String", # Display name (max 100 chars)
"errors": [ # Output only. A stream of errors encountered when the config was activated. Repeated errors may result in the config automatically being paused. Output only field. Will return the last 100 errors. Whenever the config is modified this list will be cleared.
{ # Details information about an error encountered during job execution or the results of an unsuccessful activation of the JobTrigger.
"details": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # Detailed error codes and messages.
"code": 42, # The status code, which should be an enum value of google.rpc.Code.
"details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
{
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
],
"message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
},
"timestamps": [ # The times the error occurred. List includes the oldest timestamp and the last 9 timestamps.
"A String",
],
},
],
"inspectTemplates": [ # Detection logic for profile generation. Not all template features are used by Discovery. FindingLimits, include_quote and exclude_info_types have no impact on Discovery. Multiple templates may be provided if there is data in multiple regions. At most one template must be specified per-region (including "global"). Each region is scanned using the applicable template. If no region-specific template is specified, but a "global" template is specified, it will be copied to that region and used instead. If no global or region-specific template is provided for a region with data, that region's data will not be scanned. For more information, see https://cloud.google.com/sensitive-data-protection/docs/data-profiles#data-residency.
"A String",
],
"lastRunTime": "A String", # Output only. The timestamp of the last time this config was executed.
"name": "A String", # Unique resource name for the DiscoveryConfig, assigned by the service when the DiscoveryConfig is created, for example `projects/dlp-test-project/locations/global/discoveryConfigs/53234423`.
"orgConfig": { # Project and scan location information. Only set when the parent is an org. # Only set when the parent is an org.
"location": { # The location to begin a discovery scan. Denotes an organization ID or folder ID within an organization. # The data to scan: folder, org, or project
"folderId": "A String", # The ID of the Folder within an organization to scan.
"organizationId": "A String", # The ID of an organization to scan.
},
"projectId": "A String", # The project that will run the scan. The DLP service account that exists within this project must have access to all resources that are profiled, and the Cloud DLP API must be enabled.
},
"status": "A String", # Required. A status for this configuration.
"targets": [ # Target to match against for determining what to scan and how frequently.
{ # Target used to match against for Discovery.
"bigQueryTarget": { # Target used to match against for discovery with BigQuery tables # BigQuery target for Discovery. The first target to match a table will be the one applied.
"cadence": { # What must take place for a profile to be updated and how frequently it should occur. New tables are scanned as quickly as possible depending on system capacity. # How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity.
"schemaModifiedCadence": { # The cadence at which to update data profiles when a schema is modified. # Governs when to update data profiles when a schema is modified.
"frequency": "A String", # How frequently profiles may be updated when schemas are modified. Defaults to monthly.
"types": [ # The type of events to consider when deciding if the table's schema has been modified and should have the profile updated. Defaults to NEW_COLUMNS.
"A String",
],
},
"tableModifiedCadence": { # The cadence at which to update data profiles when a table is modified. # Governs when to update data profiles when a table is modified.
"frequency": "A String", # How frequently data profiles can be updated when tables are modified. Defaults to never.
"types": [ # The type of events to consider when deciding if the table has been modified and should have the profile updated. Defaults to MODIFIED_TIMESTAMP.
"A String",
],
},
},
"conditions": { # Requirements that must be true before a table is scanned in discovery for the first time. There is an AND relationship between the top-level attributes. Additionally, minimum conditions with an OR relationship that must be met before Cloud DLP scans a table can be set (like a minimum row count or a minimum table age). # In addition to matching the filter, these conditions must be true before a profile is generated.
"createdAfter": "A String", # BigQuery table must have been created after this date. Used to avoid backfilling.
"orConditions": { # There is an OR relationship between these attributes. They are used to determine if a table should be scanned or not in Discovery. # At least one of the conditions must be true for a table to be scanned.
"minAge": "A String", # Minimum age a table must have before Cloud DLP can profile it. Value must be 1 hour or greater.
"minRowCount": 42, # Minimum number of rows that should be present before Cloud DLP profiles a table
},
"typeCollection": "A String", # Restrict discovery to categories of table types.
"types": { # The types of BigQuery tables supported by Cloud DLP. # Restrict discovery to specific table types.
"types": [ # A set of BigQuery table types.
"A String",
],
},
},
"disabled": { # Do not profile the tables. # Tables that match this filter will not have profiles created.
},
"filter": { # Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, dataset ID, and table ID. # Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table.
"otherTables": { # Catch-all for all other tables not specified by other filters. Should always be last, except for single-table configurations, which will only have a TableReference target. # Catch-all. This should always be the last filter in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.
},
"tables": { # Specifies a collection of BigQuery tables. Used for Discovery. # A specific set of tables for this filter to apply to. A table collection must be specified in only one filter per config. If a table id or dataset is empty, Cloud DLP assumes all tables in that collection must be profiled. Must specify a project ID.
"includeRegexes": { # A collection of regular expressions to determine what tables to match against. # A collection of regular expressions to match a BigQuery table against.
"patterns": [ # A single BigQuery regular expression pattern to match against one or more tables, datasets, or projects that contain BigQuery tables.
{ # A pattern to match against one or more tables, datasets, or projects that contain BigQuery tables. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub.
"datasetIdRegex": "A String", # If unset, this property matches all datasets.
"projectIdRegex": "A String", # For organizations, if unset, will match all projects. Has no effect for data profile configurations created within a project.
"tableIdRegex": "A String", # If unset, this property matches all tables.
},
],
},
},
},
},
"cloudSqlTarget": { # Target used to match against for discovery with Cloud SQL tables. # Cloud SQL target for Discovery. The first target to match a table will be the one applied.
"conditions": { # Requirements that must be true before a table is profiled for the first time. # In addition to matching the filter, these conditions must be true before a profile is generated.
"databaseEngines": [ # Optional. Database engines that should be profiled. Optional. Defaults to ALL_SUPPORTED_DATABASE_ENGINES if unspecified.
"A String",
],
"types": [ # Data profiles will only be generated for the database resource types specified in this field. If not specified, defaults to [DATABASE_RESOURCE_TYPE_ALL_SUPPORTED_TYPES].
"A String",
],
},
"disabled": { # Do not profile the tables. # Disable profiling for database resources that match this filter.
},
"filter": { # Determines what tables will have profiles generated within an organization or project. Includes the ability to filter by regular expression patterns on project ID, location, instance, database, and database resource name. # Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table.
"collection": { # Match database resources using regex filters. Examples of database resources are tables, views, and stored procedures. # A specific set of database resources for this filter to apply to.
"includeRegexes": { # A collection of regular expressions to determine what database resources to match against. # A collection of regular expressions to match a database resource against.
"patterns": [ # A group of regular expression patterns to match against one or more database resources. Maximum of 100 entries. The sum of all regular expression's length can't exceed 10 KiB.
{ # A pattern to match against one or more database resources. At least one pattern must be specified. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub.
"databaseRegex": "A String", # Regex to test the database name against. If empty, all databases match.
"databaseResourceNameRegex": "A String", # Regex to test the database resource's name against. An example of a database resource name is a table's name. Other database resource names like view names could be included in the future. If empty, all database resources match.
"instanceRegex": "A String", # Regex to test the instance name against. If empty, all instances match.
"projectIdRegex": "A String", # For organizations, if unset, will match all projects. Has no effect for Data Profile configurations created within a project.
},
],
},
},
"databaseResourceReference": { # Identifies a single database resource, like a table within a database. # The database resource to scan. Targets including this can only include one target (the target with this database resource reference).
"instance": "A String", # Required. The instance where this resource is located. For example: Cloud SQL's instance id.
"projectId": "A String", # Required. If within a project-level config, then this must match the config's project id.
},
"others": { # Match database resources not covered by any other filter. # Catch-all. This should always be the last target in the list because anything above it will apply first. Should only appear once in a configuration. If none is specified, a default one will be added automatically.
},
},
"generationCadence": { # How often existing tables should have their profiles refreshed. New tables are scanned as quickly as possible depending on system capacity. # How often and when to update profiles. New tables that match both the filter and conditions are scanned as quickly as possible depending on system capacity.
"refreshFrequency": "A String", # Data changes (non-schema changes) in Cloud SQL tables can't trigger reprofiling. If you set this field, profiles are refreshed at this frequency regardless of whether the underlying tables have changes. Defaults to never.
"schemaModifiedCadence": { # How frequency to modify the profile when the table's schema is modified. # When to reprofile if the schema has changed.
"frequency": "A String", # Frequency to regenerate data profiles when the schema is modified. Defaults to monthly.
"types": [ # The types of schema modifications to consider. Defaults to NEW_COLUMNS.
"A String",
],
},
},
},
},
],
"updateTime": "A String", # Output only. The last update timestamp of a DiscoveryConfig.
}