gcloud alpha dlp datasources bigquery inspect - schedules a job to inspect content in a BigQuery table
gcloud alpha dlp datasources bigquery inspect INPUT_TABLE [--exclude-info-types] [--identifying-fields=[IDENTIFYING_FIELDS,...]] [--include-quote] [--info-types=[INFOTYPE,...]] [--job-id=JOB_ID] [--max-findings=MAX_FINDINGS] [--max-findings-per-item=MAX_FINDINGS_PER_ITEM] [--max-time=MAX_TIME] [--min-likelihood=MIN_LIKELIHOOD; default="possible"] [--min-time=MIN_TIME] [--output-table=OUTPUT_TABLE | --output-topics=[OUTPUT_TOPICS,...]] [GCLOUD_WIDE_FLAG ...]
(ALPHA) Schedules a job to inspect content in a BigQuery table for sensitive data.
See Inspecting Storage and Databases for Sensitive Data https://cloud.google.com/dlp/docs/inspecting-storage for more details.
The following command creates a job my-bq-job to scan records in BigQuery table myproject.myds.mytable:
$ gcloud alpha dlp datasources bigquery inspect \ `myproject.myds.mytable` --job-id my-ds-job \ --min-time '2018-01-01T12:00:00Z' \ --max-time '2018-01-31T12:00:00Z' --output-topics my-topic \ --max-findings-per-item 3 --max-findings 1000 \ --info-types PHONE_NUMBER,EMAIL_ADDRESS \ --min-likelihood very-likely --include-quote \ --exclude-info-types
- INPUT_TABLE
BigQuery table to scan. BigQuery tables are uniquely identified by their project_id, dataset_id, and table_id in the format <project_id>.<dataset_id>.<table_id>.
- --exclude-info-types
Whether or not to exclude type information of the findings. Type information is included by default.
- --identifying-fields=[IDENTIFYING_FIELDS,...]
Comma separated list of references to field names uniquely identifying rows within the BigQuery table. Nested fields in the format person.birthdate.year are allowed.
- --include-quote
If True, a contextual quote from the data that triggered a finding is included in the response. Even if the content is not text, it may be converted to a textual representation in the response. For example, given the input value 'My phone number is (415) 555-0890' and a search for the infoType PHONE_NUMBER, the contextual quote would be '(415) 555-0890.'
- --info-types=[INFOTYPE,...]
Which infoTypes to scan input for. The values must correspond to infoType values found in documentation. For more information about valid infoTypes, see infoTypes Reference https://cloud.google.com/dlp/docs/infotypes-reference
- --job-id=JOB_ID
Optional job ID to use for the created job. If not provided, a job ID will automatically be generated. Must be unique within the project. The job ID can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: [a-zA-Z\\d-]+. The maximum length is 100 characters. Can be empty to allow the system to generate one.
- --max-findings=MAX_FINDINGS
Maximum number of findings that will be returned per execution.
If not specified, no limits are applied.
- --max-findings-per-item=MAX_FINDINGS_PER_ITEM
Maximum number of findings that will be returned for each item scanned.
If not specified, no limits are applied.
- --max-time=MAX_TIME
Scan will include items in repository whose age is >= min-time and <= max-time.
If max-time is omitted then there is no maximum time limit.
See $ gcloud topic datetimes for information on time formats.
- --min-likelihood=MIN_LIKELIHOOD; default="possible"
Only return findings equal to or above this threshold. MIN_LIKELIHOOD must be one of: likely, possible, unlikely, very-likely, very-unlikely.
- --min-time=MIN_TIME
Scan will include items in repository whose age is >= min-time and <= max-time.
If max-time is omitted then there is no maximum time limit.
See $ gcloud topic datetimes for information on time formats.
- At most one of these can be specified:
- --output-table=OUTPUT_TABLE
Publishes results of a Cloud DLP job a BigQuery table. BigQuery tables are uniquely identified by their project_id, dataset_id, and table_id in the format <project_id>.<dataset_id>.<table_id> or <project_id>.<dataset_id>.<table_id>. If no table_id is specified, DLP will create a table for you.
- --output-topics=[OUTPUT_TOPICS,...]
Publishes the results of a Cloud DLP job to one or more Cloud Pub/Sub topics.
Note: The topic must have given publishing access rights to the DLP API service account executing the Cloud DLP job.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command uses the dlp/v2 API. The full documentation for this API can be found at: https://cloud.google.com/dlp/docs/
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist.