Google Data loss prevention Job Trigger

google_data_loss_prevention_job_trigger (Terraform)

The Job Trigger in Data loss prevention can be configured in Terraform with the resource name google_data_loss_prevention_job_trigger. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

anaik91/tfe

resource "google_data_loss_prevention_job_trigger" "fail" {
    parent = "projects/my-project-name"
    description = "Description"
    display_name = "Displayname"

    triggers {

hemantgadiya/tfhybridjob

resource "google_data_loss_prevention_job_trigger" "basic" {
    parent = "projects/probable-bebop-315904"
    description = "tfhybridtfDesc"
    display_name = "tfhybridName"

    inspect_job {

Parameters

• description optional - string

A description of the job trigger.

• display_name optional - string

User set display name of the job trigger.

• id optional computed - string
• last_run_time optional computed - string

The timestamp of the last time this trigger executed.

• name optional computed - string

The resource name of the job trigger. Set by the server.

• parent required - string

The parent of the trigger, either in the format 'projects/[[project]]' or 'projects/[[project]]/locations/[[location]]'

• status optional - string

Whether the trigger is currently active. Default value: "HEALTHY" Possible values: ["PAUSED", "HEALTHY", "CANCELLED"]

• inspect_job list block
  • inspect_template_name required - string

  The name of the template to run when this job is triggered.

  • actions list block
    • save_findings list block
      • output_config list block
        • output_schema optional - string

        Schema used for writing the findings for Inspect jobs. This field is only used for Inspect and must be unspecified for Risk jobs. Columns are derived from the Finding object. If appending to an existing table, any columns from the predefined schema that are missing will be added. No columns in the existing table will be deleted. If unspecified, then all available columns will be used for a new table or an (existing) table with no schema, and no changes will be made to an existing table that has a schema. Only for use with external storage. Possible values: ["BASIC_COLUMNS", "GCS_COLUMNS", "DATASTORE_COLUMNS", "BIG_QUERY_COLUMNS", "ALL_COLUMNS"]

        • table list block
          • dataset_id required - string

          Dataset ID of the table.

          • project_id required - string

          The Google Cloud Platform project ID of the project containing the table.

          • table_id optional - string

          Name of the table. If is not set a new one will be generated for you with the following format: 'dlpgoogleapis_yyyy_mm_dd[dlp_job_id]'. Pacific timezone will be used for generating the date details.

  • storage_config list block
    • big_query_options list block
      • table_reference list block
        • dataset_id required - string

        The dataset ID of the table.

        • project_id required - string

        The Google Cloud Platform project ID of the project containing the table.

        • table_id required - string

        The name of the table.

    • cloud_storage_options list block
      • bytes_limit_per_file optional - number

      Max number of bytes to scan from a file. If a scanned file's size is bigger than this value then the rest of the bytes are omitted.

      • bytes_limit_per_file_percent optional - number

      Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit.

      • file_types optional - list of string

      List of file type groups to include in the scan. If empty, all files are scanned and available data format processors are applied. In addition, the binary content of the selected files is always scanned as well. Images are scanned only as binary if the specified region does not support image inspection and no fileTypes were specified. Possible values: ["BINARY_FILE", "TEXT_FILE", "IMAGE", "WORD", "PDF", "AVRO", "CSV", "TSV"]

      • files_limit_percent optional - number

      Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit.

      • sample_method optional - string

      How to sample bytes if not all bytes are scanned. Meaningful only when used in conjunction with bytesLimitPerFile. If not specified, scanning would start from the top. Possible values: ["TOP", "RANDOM_START"]

      • file_set list block
        • url optional - string

        The Cloud Storage url of the file(s) to scan, in the format 'gs://<bucket>/<path>'. Trailing wildcard in the path is allowed. If the url ends in a trailing slash, the bucket or directory represented by the url will be scanned non-recursively (content in sub-directories will not be scanned). This means that 'gs://mybucket/' is equivalent to 'gs://mybucket/', and 'gs://mybucket/directory/' is equivalent to 'gs://mybucket/directory/'.

        • regex_file_set list block
          • bucket_name required - string

          The name of a Cloud Storage bucket.

          • exclude_regex optional - list of string

          A list of regular expressions matching file paths to exclude. All files in the bucket that match at least one of these regular expressions will be excluded from the scan.

          • include_regex optional - list of string

          A list of regular expressions matching file paths to include. All files in the bucket that match at least one of these regular expressions will be included in the set of files, except for those that also match an item in excludeRegex. Leaving this field empty will match all files by default (this is equivalent to including .* in the list)

    • datastore_options list block
      • kind list block
        • name required - string

        The name of the Datastore kind.

      • partition_id list block
        • namespace_id optional - string

        If not empty, the ID of the namespace to which the entities belong.

        • project_id required - string

        The ID of the project to which the entities belong.

    • timespan_config list block
      • enable_auto_population_of_timespan_config optional - bool

      When the job is started by a JobTrigger we will automatically figure out a valid startTime to avoid scanning files that have not been modified since the last time the JobTrigger executed. This will be based on the time of the execution of the last run of the JobTrigger.

      • end_time optional - string

      Exclude files or rows newer than this value. If set to zero, no upper time limit is applied.

      • start_time optional - string

      Exclude files or rows older than this value.

      • timestamp_field list block
        • name required - string

        Specification of the field containing the timestamp of scanned items. Used for data sources like Datastore and BigQuery. For BigQuery: Required to filter out rows based on the given start and end times. If not specified and the table was modified between the given start and end times, the entire table will be scanned. The valid data types of the timestamp field are: INTEGER, DATE, TIMESTAMP, or DATETIME BigQuery column. For Datastore. Valid data types of the timestamp field are: TIMESTAMP. Datastore entity will be scanned if the timestamp property does not exist or its value is empty or invalid.

• timeouts single block
  • create optional - string
  • delete optional - string
  • update optional - string
• triggers list block
  • schedule list block
    • recurrence_period_duration optional - string

    With this option a job is started a regular periodic basis. For example: every day (86400 seconds). A scheduled start time will be skipped if the previous execution has not ended when its scheduled time occurs. This value must be set to a time duration greater than or equal to 1 day and can be no longer than 60 days. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".

Explanation in Terraform Registry

A job trigger configuration. To get more information about JobTrigger, see:

• API documentation
• How-to Guides
  • Official Documentation