» google_data_loss_prevention_stored_info_type

Allows creation of custom info types.

To get more information about StoredInfoType, see:

» Example Usage - Dlp Stored Info Type Basic

resource "google_data_loss_prevention_stored_info_type" "basic" {
  parent       = "projects/my-project-name"
  description  = "Description"
  display_name = "Displayname"

  regex {
    pattern       = "patient"
    group_indexes = [2]
  }
}

» Example Usage - Dlp Stored Info Type Dictionary

resource "google_data_loss_prevention_stored_info_type" "dictionary" {
  parent       = "projects/my-project-name"
  description  = "Description"
  display_name = "Displayname"

  dictionary {
    word_list {
      words = ["word", "word2"]
    }
  }
}

» Example Usage - Dlp Stored Info Type Large Custom Dictionary

resource "google_data_loss_prevention_stored_info_type" "large" {
  parent       = "projects/my-project-name"
  description  = "Description"
  display_name = "Displayname"

  large_custom_dictionary {
    cloud_storage_file_set {
      url = "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.object.name}"
    }
    output_path {
      path = "gs://${google_storage_bucket.bucket.name}/output/dictionary.txt"
    }
  }
}

resource "google_storage_bucket" "bucket" {
  name          = "tf-test-bucket"
  force_destroy = true
}

resource "google_storage_bucket_object" "object" {
  name   = "tf-test-object"
  bucket = google_storage_bucket.bucket.name
  source = "./test-fixtures/dlp/words.txt"
}

» Argument Reference

The following arguments are supported:


  • description - (Optional) A description of the info type.

  • display_name - (Optional) User-set display name of the info type.

  • regex - (Optional) Regular expression which defines the rule. Structure is documented below.

  • dictionary - (Optional) Dictionary which defines the rule. Structure is documented below.

  • large_custom_dictionary - (Optional) Dictionary which defines the rule. Structure is documented below.

The regex block supports:

  • pattern - (Required) Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.

  • group_indexes - (Optional) The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
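
The effect of group_indexes on what is reported, as an added example that is not part of the provider documentation. The resource labels, the pattern and the sample text in the comments are constructed for illustration.

```hcl
# Without group_indexes the finding is the entire match, label included,
# e.g. "MRN: 00481516" (constructed sample text).
resource "google_data_loss_prevention_stored_info_type" "mrn_full_match" {
  parent       = "projects/my-project-name"
  display_name = "MRN with label"

  regex {
    # HCL needs "\\" to pass a single backslash through to RE2.
    pattern = "MRN[:#]?\\s*([0-9]{8})"
  }
}

# group_indexes = [1] selects the first capturing group of the same pattern,
# so the finding is only the digits, e.g. "00481516".
resource "google_data_loss_prevention_stored_info_type" "mrn_digits_only" {
  parent       = "projects/my-project-name"
  display_name = "MRN digits only"

  regex {
    pattern       = "MRN[:#]?\\s*([0-9]{8})"
    group_indexes = [1]
  }
}
```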

The dictionary block supports:

  • word_list - (Optional) List of words or phrases to search for. Structure is documented below.

  • cloud_storage_path - (Optional) Newline-delimited file of words in Cloud Storage. Only a single file is accepted. Structure is documented below.

The word_list block supports:

  • words - (Required) Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.
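
One way to enforce the word_list constraints at plan time, before the API rejects the request (added example, not part of the provider documentation). The variable name, resource label and sample phrases are hypothetical, and the check assumes that Unicode letters and digits count toward the two-character minimum.

```hcl
variable "dictionary_words" {
  description = "Phrases for the DLP dictionary (hypothetical variable name)."
  type        = list(string)
  default     = ["project-aurora", "codename x9"] # constructed sample values

  validation {
    condition     = length(var.dictionary_words) > 0
    error_message = "The dictionary must contain at least one phrase."
  }

  validation {
    # \p{L} and \p{N} match Unicode letters and digits (assumption stated
    # above); regexall returns every match, so its length is the count.
    condition = alltrue([
      for w in var.dictionary_words : length(regexall("[\\p{L}\\p{N}]", w)) >= 2
    ])
    error_message = "Every phrase must contain at least 2 letters or digits."
  }
}

resource "google_data_loss_prevention_stored_info_type" "validated_dictionary" {
  parent       = "projects/my-project-name"
  display_name = "Validated dictionary"

  dictionary {
    word_list {
      words = var.dictionary_words
    }
  }
}
```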

The cloud_storage_path block supports:

  • path - (Required) A URL representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt

The large_custom_dictionary block supports:

  • output_path - (Required) Location to store dictionary artifacts in Google Cloud Storage. These files will only be accessible by project owners and the DLP API. If any of these artifacts are modified, the dictionary is considered invalid and can no longer be used. Structure is documented below.

  • cloud_storage_file_set - (Optional) Set of files containing newline-delimited lists of dictionary phrases. Structure is documented below.

  • big_query_field - (Optional) Field in a BigQuery table where each cell represents a dictionary phrase. Structure is documented below.
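
Because a modified artifact invalidates the dictionary, the bucket behind output_path deserves tighter settings than the test bucket in the usage example. The following is an added example, not part of the provider documentation; the bucket name, location, object names and local file path are assumptions.

```hcl
resource "google_storage_bucket" "dlp_dictionary" {
  name     = "example-dlp-dictionary" # assumed bucket name
  location = "US"                     # assumed location

  # IAM only, no per-object ACLs, and no public exposure of the phrase list.
  uniform_bucket_level_access = true
  public_access_prevention    = "enforced"

  # Keeps prior generations of overwritten or deleted objects for review.
  versioning {
    enabled = true
  }

  # force_destroy is left at its default (false) so that destroying the
  # bucket fails while dictionary artifacts are still in it.
}

resource "google_storage_bucket_object" "phrases" {
  name   = "input/phrases.txt" # input kept under its own prefix
  bucket = google_storage_bucket.dlp_dictionary.name
  source = "./phrases.txt" # assumed local file, one phrase per line
}

resource "google_data_loss_prevention_stored_info_type" "large_hardened" {
  parent       = "projects/my-project-name"
  display_name = "Large dictionary"

  large_custom_dictionary {
    cloud_storage_file_set {
      url = "gs://${google_storage_bucket.dlp_dictionary.name}/${google_storage_bucket_object.phrases.name}"
    }
    output_path {
      # Artifacts go under a separate prefix from the input files.
      path = "gs://${google_storage_bucket.dlp_dictionary.name}/output/dictionary.txt"
    }
  }
}
```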

The output_path block supports:

  • path - (Required) A URL representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt

The cloud_storage_file_set block supports:

  • url - (Required) The URL, in the format gs://<bucket>/<path>. A trailing wildcard in the path is allowed.

The big_query_field block supports:

  • table - (Required) Field in a BigQuery table where each cell represents a dictionary phrase. Structure is documented below.

  • field - (Required) Designated field in the BigQuery table. Structure is documented below.

The table block supports:

  • project_id - (Required) The Google Cloud Platform project ID of the project containing the table.

  • dataset_id - (Required) The dataset ID of the table.

  • table_id - (Required) The name of the table.

The field block supports:

  • name - (Required) Name describing the field.

» Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format {{parent}}/storedInfoTypes/{{name}}

  • name - The resource name of the info type. Set by the server.

» Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 4 minutes.
  • update - Default is 4 minutes.
  • delete - Default is 4 minutes.

» Import

StoredInfoType can be imported using any of these accepted formats:

$ terraform import google_data_loss_prevention_stored_info_type.default {{parent}}/storedInfoTypes/{{name}}
$ terraform import google_data_loss_prevention_stored_info_type.default {{parent}}/{{name}}