JobTrigger is the Schema for the JobTriggers API. A job trigger configuration.
Type
CRD
Group
datalossprevention.gcp.upbound.io
Version
v1beta1
apiVersion: datalossprevention.gcp.upbound.io/v1beta1
kind: JobTrigger
JobTriggerSpec defines the desired state of JobTrigger
No description provided.
Controls what and how to inspect for findings. Structure is documented below.
A task to execute on the completion of a job. Structure is documented below.
Create a de-identified copy of the requested table or files. Structure is documented below.
List of user-specified file type groups to transform. If specified, only the files with these filetypes will be transformed. If empty, all supported files will be transformed. Supported types may be automatically added over time. If a file type is set in this field that isn't supported by the Deidentify action then the job will fail and will not be successfully created/started. Each value may be one of: IMAGE, TEXT_FILE, CSV, TSV.
User specified deidentify templates and configs for structured, unstructured, and image files. Structure is documented below.
Config for storing transformation details. Structure is documented below.
The BigQuery table in which to store the output. Structure is documented below.
Reference to a Dataset in bigquery to populate datasetId.
Policies for referencing.
Selector for a Dataset in bigquery to populate datasetId.
Policies for selection.
Reference to a Table in bigquery to populate tableId.
Policies for referencing.
Selector for a Table in bigquery to populate tableId.
Policies for selection.
Sends an email when the job completes. The email goes to IAM project owners and technical Essential Contacts.
Publish a message into a given Pub/Sub topic when the job completes. Structure is documented below.
Publish findings of a DlpJob to Data Catalog.
Publish the result summary of a DlpJob to the Cloud Security Command Center.
If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk Structure is documented below.
Information on where to store output Structure is documented below.
The core content of the template. Structure is documented below.
Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more. Structure is documented below.
Dictionary which defines the rule. Structure is documented below.
Newline-delimited file of words in Cloud Storage. Only a single file is accepted. Structure is documented below.
Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does not have an infoType, the DLP API applies the limit against all infoTypes that are found but not specified in another InfoTypeLimit. Structure is documented below.
Regular expression which defines the rule. Structure is documented below.
The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
A reference to a StoredInfoType to use with scanning. Structure is documented below.
Message for detecting output from deidentification transformations that support reversing.
Configuration to control the number of findings returned. Structure is documented below.
Configuration of findings limit given for specified infoTypes. Structure is documented below.
Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does not have an infoType, the DLP API applies the limit against all infoTypes that are found but not specified in another InfoTypeLimit. Structure is documented below.
Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end, other rules are executed in the order they are specified for each info type. Structure is documented below.
Set of rules to be applied to infoTypes. The rules are applied in order. Structure is documented below.
The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results. Structure is documented below.
Dictionary which defines the rule. Structure is documented below.
Newline-delimited file of words in Cloud Storage. Only a single file is accepted. Structure is documented below.
Drop if the hotword rule is contained in the proximate context. Structure is documented below.
Regular expression pattern defining what qualifies as a hotword. Structure is documented below.
The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
Proximity of the finding within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be used to match substrings of the finding itself. For example, the certainty of a phone number regex (\d{3}) \d{3}-\d{4} could be adjusted upwards if the area code is known to be the local area code of a company office using the hotword regex (xxx), where xxx is the area code in question. Structure is documented below.
Regular expression which defines the rule. Structure is documented below.
The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
Hotword-based detection rule. Structure is documented below.
Regular expression pattern defining what qualifies as a hotword. Structure is documented below.
The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
Likelihood adjustment to apply to all matching findings. Structure is documented below.
Proximity of the finding within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be used to match substrings of the finding itself. For example, the certainty of a phone number regex (\d{3}) \d{3}-\d{4} could be adjusted upwards if the area code is known to be the local area code of a company office using the hotword regex (xxx), where xxx is the area code in question. Structure is documented below.
Information on where to inspect Structure is documented below.
Options defining BigQuery table and row identifiers. Structure is documented below.
The columns that are the primary keys for table objects included in ContentItem. A copy of this cell's value will stored alongside alongside each finding so that the finding can be traced to the specific row it came from. No more than 3 may be provided. Structure is documented below.
Options defining a file or a set of files within a Google Cloud Storage bucket. Structure is documented below.
Set of files to scan. Structure is documented below.
The regex-filtered set of files to scan. Structure is documented below.
A list of regular expressions matching file paths to exclude. All files in the bucket that match at least one of these regular expressions will be excluded from the scan.
A list of regular expressions matching file paths to include. All files in the bucket that match at least one of these regular expressions will be included in the set of files, except for those that also match an item in excludeRegex. Leaving this field empty will match all files by default (this is equivalent to including .* in the list)
List of file type groups to include in the scan. If empty, all files are scanned and available data format processors are applied. In addition, the binary content of the selected files is always scanned as well. Images are scanned only as binary if the specified region does not support image inspection and no fileTypes were specified. Each value may be one of: BINARY_FILE, TEXT_FILE, IMAGE, WORD, PDF, AVRO, CSV, TSV.
Options defining a data set within Google Cloud Datastore. Structure is documented below.
A representation of a Datastore kind. Structure is documented below.
Datastore partition ID. A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty. Structure is documented below.
Configuration to control jobs where the content being inspected is outside of Google Cloud Platform. Structure is documented below.
These are labels that each inspection request must include within their 'finding_labels' map. Request may contain others, but any missing one of these will be rejected. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: a-z?. No more than 10 keys can be required.
If the container is a table, additional information to make findings meaningful such as the columns that are primary keys. Structure is documented below.
The columns that are the primary keys for table objects included in ContentItem. A copy of this cell's value will stored alongside alongside each finding so that the finding can be traced to the specific row it came from. No more than 3 may be provided. Structure is documented below.
Information on where to inspect Structure is documented below.
Information on where to inspect Structure is documented below.
What event needs to occur for a new job to be started. Structure is documented below.
For use with hybrid jobs. Jobs must be manually created and finished.
Schedule for triggered jobs Structure is documented below.
ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
Policies for referencing.
ProviderReference specifies the provider that will be used to create, observe, update, and delete this managed resource. Deprecated: Please use ProviderConfigReference, i.e. providerConfigRef
Policies for referencing.
PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
JobTriggerStatus defines the observed state of JobTrigger.
No description provided.
Controls what and how to inspect for findings. Structure is documented below.
A task to execute on the completion of a job. Structure is documented below.
Create a de-identified copy of the requested table or files. Structure is documented below.
List of user-specified file type groups to transform. If specified, only the files with these filetypes will be transformed. If empty, all supported files will be transformed. Supported types may be automatically added over time. If a file type is set in this field that isn't supported by the Deidentify action then the job will fail and will not be successfully created/started. Each value may be one of: IMAGE, TEXT_FILE, CSV, TSV.
User specified deidentify templates and configs for structured, unstructured, and image files. Structure is documented below.
Sends an email when the job completes. The email goes to IAM project owners and technical Essential Contacts.
Publish a message into a given Pub/Sub topic when the job completes. Structure is documented below.
Publish findings of a DlpJob to Data Catalog.
Publish the result summary of a DlpJob to the Cloud Security Command Center.
If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk Structure is documented below.
Information on where to store output Structure is documented below.
The core content of the template. Structure is documented below.
Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more. Structure is documented below.
Dictionary which defines the rule. Structure is documented below.
Newline-delimited file of words in Cloud Storage. Only a single file is accepted. Structure is documented below.
Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does not have an infoType, the DLP API applies the limit against all infoTypes that are found but not specified in another InfoTypeLimit. Structure is documented below.
Regular expression which defines the rule. Structure is documented below.
The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
A reference to a StoredInfoType to use with scanning. Structure is documented below.
Message for detecting output from deidentification transformations that support reversing.
Configuration to control the number of findings returned. Structure is documented below.
Configuration of findings limit given for specified infoTypes. Structure is documented below.
Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does not have an infoType, the DLP API applies the limit against all infoTypes that are found but not specified in another InfoTypeLimit. Structure is documented below.
Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end, other rules are executed in the order they are specified for each info type. Structure is documented below.
Set of rules to be applied to infoTypes. The rules are applied in order. Structure is documented below.
The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results. Structure is documented below.
Dictionary which defines the rule. Structure is documented below.
Newline-delimited file of words in Cloud Storage. Only a single file is accepted. Structure is documented below.
Drop if the hotword rule is contained in the proximate context. Structure is documented below.
Regular expression pattern defining what qualifies as a hotword. Structure is documented below.
The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
Proximity of the finding within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be used to match substrings of the finding itself. For example, the certainty of a phone number regex (\d{3}) \d{3}-\d{4} could be adjusted upwards if the area code is known to be the local area code of a company office using the hotword regex (xxx), where xxx is the area code in question. Structure is documented below.
Regular expression which defines the rule. Structure is documented below.
The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
Hotword-based detection rule. Structure is documented below.
Regular expression pattern defining what qualifies as a hotword. Structure is documented below.
The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
Likelihood adjustment to apply to all matching findings. Structure is documented below.
Proximity of the finding within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be used to match substrings of the finding itself. For example, the certainty of a phone number regex (\d{3}) \d{3}-\d{4} could be adjusted upwards if the area code is known to be the local area code of a company office using the hotword regex (xxx), where xxx is the area code in question. Structure is documented below.
Information on where to inspect Structure is documented below.
Options defining BigQuery table and row identifiers. Structure is documented below.
The columns that are the primary keys for table objects included in ContentItem. A copy of this cell's value will stored alongside alongside each finding so that the finding can be traced to the specific row it came from. No more than 3 may be provided. Structure is documented below.
Options defining a file or a set of files within a Google Cloud Storage bucket. Structure is documented below.
Set of files to scan. Structure is documented below.
The regex-filtered set of files to scan. Structure is documented below.
A list of regular expressions matching file paths to exclude. All files in the bucket that match at least one of these regular expressions will be excluded from the scan.
A list of regular expressions matching file paths to include. All files in the bucket that match at least one of these regular expressions will be included in the set of files, except for those that also match an item in excludeRegex. Leaving this field empty will match all files by default (this is equivalent to including .* in the list)
List of file type groups to include in the scan. If empty, all files are scanned and available data format processors are applied. In addition, the binary content of the selected files is always scanned as well. Images are scanned only as binary if the specified region does not support image inspection and no fileTypes were specified. Each value may be one of: BINARY_FILE, TEXT_FILE, IMAGE, WORD, PDF, AVRO, CSV, TSV.
Options defining a data set within Google Cloud Datastore. Structure is documented below.
Datastore partition ID. A partition ID identifies a grouping of entities. The grouping is always by project and namespace, however the namespace ID may be empty. Structure is documented below.
Configuration to control jobs where the content being inspected is outside of Google Cloud Platform. Structure is documented below.
These are labels that each inspection request must include within their 'finding_labels' map. Request may contain others, but any missing one of these will be rejected. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: a-z?. No more than 10 keys can be required.
If the container is a table, additional information to make findings meaningful such as the columns that are primary keys. Structure is documented below.
The columns that are the primary keys for table objects included in ContentItem. A copy of this cell's value will stored alongside alongside each finding so that the finding can be traced to the specific row it came from. No more than 3 may be provided. Structure is documented below.
Information on where to inspect Structure is documented below.
Information on where to inspect Structure is documented below.
What event needs to occur for a new job to be started. Structure is documented below.
For use with hybrid jobs. Jobs must be manually created and finished.
Schedule for triggered jobs Structure is documented below.
Conditions of the resource.
basic
apiVersion: datalossprevention.gcp.upbound.io/v1beta1
kind: JobTrigger
metadata:
annotations:
meta.upbound.io/example-id: datalossprevention/v1beta1/jobtrigger
upjet.upbound.io/manual-intervention: The resource requires a real Project ID
labels:
testing.upbound.io/example-name: basic
name: basic
spec:
forProvider:
description: Description
displayName: Displayname
inspectJob:
- actions:
- saveFindings:
- outputConfig:
- table:
- datasetId: dataset
projectId: project
inspectTemplateName: fake
storageConfig:
- cloudStorageOptions:
- fileSet:
- url: gs://mybucket/directory/
parent: projects/&{project_id}
triggers:
- schedule:
- recurrencePeriodDuration: 86400s
© 2022 Upbound, Inc.
Discover the building blocksfor your internal cloud platform.