Google Data loss prevention Inspect Template

This page shows how to write Terraform for a Data loss prevention Inspect Template and how to write it securely.

google_data_loss_prevention_inspect_template (Terraform)

The Inspect Template in Data loss prevention can be configured in Terraform with the resource name google_data_loss_prevention_inspect_template. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.


Parameters

A description of the inspect template.

User set display name of the inspect template.

  • id optional computed - string
  • name optional computed - string

The resource name of the inspect template. Set by the server.

The parent of the inspect template in any of the following formats: 'projects/[[project]]' 'projects/[[project]]/locations/[[location]]' 'organizations/[[organization_id]]' 'organizations/[[organization_id]]/locations/[[location]]'

  • inspect_config list block

    List of options defining data content to scan. If empty, text, images, and other content will be included. Possible values: ["CONTENT_TEXT", "CONTENT_IMAGE"]

    When true, excludes type information of the findings.

    When true, a contextual quote from the data that triggered a finding is included in the response.

    Only returns findings equal to or above this threshold. See https://cloud.google.com/dlp/docs/likelihood for more info. Default value: "POSSIBLE". Possible values: ["VERY_UNLIKELY", "UNLIKELY", "POSSIBLE", "LIKELY", "VERY_LIKELY"]

    • custom_info_types list block

      If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: ["EXCLUSION_TYPE_EXCLUDE"]

      Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria specified by the rule. Default value: "VERY_LIKELY" Possible values: ["VERY_UNLIKELY", "UNLIKELY", "POSSIBLE", "LIKELY", "VERY_LIKELY"]

      • dictionary list block
        • cloud_storage_path list block

          A URL representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'

        • word_list list block
          • words required - list of string

          Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.

      • info_type list block

        Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.

      • regex list block

        The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.

        Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.

      • stored_type list block

        Resource name of the requested StoredInfoType, for example 'organizations/433245324/storedInfoTypes/432452342' or 'projects/project-id/storedInfoTypes/432452342'.

    • info_types list block

      Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.

    • limits list block

      Max number of findings that will be returned for each item scanned. The maximum returned is 2000.

      Max number of findings that will be returned per request/job. The maximum returned is 2000.

    • rule_set list block
      • info_types list block

        Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.

      • rules list block
        • exclusion_rule list block

          How the rule is applied. See the documentation for more information: https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#MatchingType Possible values: ["MATCHING_TYPE_FULL_MATCH", "MATCHING_TYPE_PARTIAL_MATCH", "MATCHING_TYPE_INVERSE_MATCH"]

          • dictionary list block
            • cloud_storage_path list block

              A URL representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'

            • word_list list block
              • words required - list of string

              Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.

          • exclude_info_types list block
          • regex list block

            The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.

            Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.

        • hotword_rule list block
          • hotword_regex list block

            The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.

            Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.

          • likelihood_adjustment list block

            Set the likelihood of a finding to a fixed value. Either this or relative_likelihood can be set. Possible values: ["VERY_UNLIKELY", "UNLIKELY", "POSSIBLE", "LIKELY", "VERY_LIKELY"]

            Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1, then it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY. Likelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY will result in a final likelihood of LIKELY. Either this or fixed_likelihood can be set.

          • proximity list block

            Number of characters after the finding to consider. Either this or window_before must be specified.

            Number of characters before the finding to consider. Either this or window_after must be specified.

  • timeouts single block
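
A configuration that exercises the blocks listed above, as an added example (not from the original page or from the provider's documentation). The project ID, the EMPLOYEE_ID infoType name and the regex patterns are assumptions. The custom infoType starts at POSSIBLE, below the LIKELY threshold, and the hotword rule raises it by one level when "employee" appears within 50 characters before the match.

```hcl
# Added example: project ID, names and patterns below are placeholders.
resource "google_data_loss_prevention_inspect_template" "example" {
  parent       = "projects/my-project-id" # placeholder project
  display_name = "pii-inspect"
  description  = "Detect e-mail addresses and employee IDs"
  inspect_config {
    min_likelihood = "LIKELY" # drop low-confidence findings
    include_quote  = false    # keep matched sensitive text out of findings

    limits {
      max_findings_per_item    = 100
      max_findings_per_request = 1000
    }

    info_types {
      name = "EMAIL_ADDRESS" # built-in infoType
    }

    custom_info_types {
      info_type {
        name = "EMPLOYEE_ID" # hypothetical custom infoType
      }
      likelihood = "POSSIBLE"
      regex {
        pattern = "EMP-[0-9]{6}" # RE2 syntax
      }
    }

    rule_set {
      info_types {
        name = "EMPLOYEE_ID"
      }
      rules {
        hotword_rule {
          hotword_regex {
            pattern = "(?i)employee"
          }
          proximity {
            window_before = 50
          }
          likelihood_adjustment {
            relative_likelihood = 1 # POSSIBLE -> LIKELY near the hotword
          }
        }
      }
    }
  }
}
```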

Explanation in Terraform Registry

An inspect job template. To get more information about InspectTemplate, see:

Frequently asked questions

What is Google Data loss prevention Inspect Template?

Google Data loss prevention Inspect Template is a resource for Data loss prevention of Google Cloud Platform. Settings can be written in Terraform.
