NAME

gcloud alpha dlp datasources bigquery inspect - schedules a job to inspect content in a BigQuery table

SYNOPSIS

gcloud alpha dlp datasources bigquery inspect INPUT_TABLE [--exclude-info-types] [--identifying-fields=[IDENTIFYING_FIELDS,...]] [--include-quote] [--info-types=[INFOTYPE,...]] [--job-id=JOB_ID] [--max-findings=MAX_FINDINGS] [--max-findings-per-item=MAX_FINDINGS_PER_ITEM] [--max-time=MAX_TIME] [--min-likelihood=MIN_LIKELIHOOD; default="possible"] [--min-time=MIN_TIME] [--output-table=OUTPUT_TABLE | --output-topics=[OUTPUT_TOPICS,...]] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

(ALPHA) Schedules a job to inspect content in a BigQuery table for sensitive data.

See Inspecting Storage and Databases for Sensitive Data https://cloud.google.com/dlp/docs/inspecting-storage for more details.

EXAMPLES

The following command creates a job my-bq-job to scan records in BigQuery table myproject.myds.mytable:

$ gcloud alpha dlp datasources bigquery inspect \ `myproject.myds.mytable` --job-id my-ds-job \ --min-time '2018-01-01T12:00:00Z' \ --max-time '2018-01-31T12:00:00Z' --output-topics my-topic \ --max-findings-per-item 3 --max-findings 1000 \ --info-types PHONE_NUMBER,EMAIL_ADDRESS \ --min-likelihood very-likely --include-quote \ --exclude-info-types

POSITIONAL ARGUMENTS

INPUT_TABLE

BigQuery table to scan. BigQuery tables are uniquely identified by their project_id, dataset_id, and table_id in the format <project_id>.<dataset_id>.<table_id>.

FLAGS

--exclude-info-types

Whether or not to exclude type information of the findings. Type information is included by default.

--identifying-fields=[IDENTIFYING_FIELDS,...]

Comma separated list of references to field names uniquely identifying rows within the BigQuery table. Nested fields in the format person.birthdate.year are allowed.

--include-quote

If True, a contextual quote from the data that triggered a finding is included in the response. Even if the content is not text, it may be converted to a textual representation in the response. For example, given the input value 'My phone number is (415) 555-0890' and a search for the infoType PHONE_NUMBER, the contextual quote would be '(415) 555-0890.'

--info-types=[INFOTYPE,...]

Which infoTypes to scan input for. The values must correspond to infoType values found in documentation. For more information about valid infoTypes, see infoTypes Reference https://cloud.google.com/dlp/docs/infotypes-reference

--job-id=JOB_ID

Optional job ID to use for the created job. If not provided, a job ID will automatically be generated. Must be unique within the project. The job ID can contain uppercase and lowercase letters, numbers, and hyphens; that is, it must match the regular expression: [a-zA-Z\\d-]+. The maximum length is 100 characters. Can be empty to allow the system to generate one.

--max-findings=MAX_FINDINGS

Maximum number of findings that will be returned per execution.

If not specified, no limits are applied.

--max-findings-per-item=MAX_FINDINGS_PER_ITEM

Maximum number of findings that will be returned for each item scanned.

If not specified, no limits are applied.

--max-time=MAX_TIME

Scan will include items in repository whose age is >= min-time and <= max-time.

If max-time is omitted then there is no maximum time limit.

See $ gcloud topic datetimes for information on time formats.

--min-likelihood=MIN_LIKELIHOOD; default="possible"

Only return findings equal to or above this threshold. MIN_LIKELIHOOD must be one of: likely, possible, unlikely, very-likely, very-unlikely.

--min-time=MIN_TIME

Scan will include items in repository whose age is >= min-time and <= max-time.

If max-time is omitted then there is no maximum time limit.

See $ gcloud topic datetimes for information on time formats.

At most one of these can be specified:
--output-table=OUTPUT_TABLE

Publishes results of a Cloud DLP job a BigQuery table. BigQuery tables are uniquely identified by their project_id, dataset_id, and table_id in the format <project_id>.<dataset_id>.<table_id> or <project_id>.<dataset_id>.<table_id>. If no table_id is specified, DLP will create a table for you.

--output-topics=[OUTPUT_TOPICS,...]

Publishes the results of a Cloud DLP job to one or more Cloud Pub/Sub topics.

Note: The topic must have given publishing access rights to the DLP API service account executing the Cloud DLP job.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

API REFERENCE

This command uses the dlp/v2 API. The full documentation for this API can be found at: https://cloud.google.com/dlp/docs/

NOTES

This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist.