jeremiele
diff --git a/‎dlp/snippets/deid_cloud_storage.py
Copy file name to clipboard
+234Lines changed: 234 additions & 0 deletions b/‎dlp/snippets/deid_cloud_storage.py
Copy file name to clipboard
+234Lines changed: 234 additions & 0 deletions
diff --git a/‎dlp/snippets/deid_cloud_storage_test.py
Copy file name to clipboard
+79Lines changed: 79 additions & 0 deletions b/‎dlp/snippets/deid_cloud_storage_test.py
Copy file name to clipboard
+79Lines changed: 79 additions & 0 deletions
diff --git a/‎dlp/snippets/deid_test.py
Copy file name to clipboardExpand all lines: dlp/snippets/deid_test.py
+1Lines changed: 1 addition & 0 deletions b/‎dlp/snippets/deid_test.py
Copy file name to clipboardExpand all lines: dlp/snippets/deid_test.py
+1Lines changed: 1 addition & 0 deletions
@@ -0,0 +1,234 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Uses of the Data Loss Prevention API for deidentifying sensitive data."""
+
+from __future__ import annotations
+
+import argparse
+
+import time
+from typing import List
+
+import google.cloud.dlp
+
+
+# [START dlp_deidentify_cloud_storage]
+def deidentify_cloud_storage(
+    project: str,
+    input_gcs_bucket: str,
+    output_gcs_bucket: str,
+    info_types: List[str],
+    deid_template_id: str,
+    structured_deid_template_id: str,
+    image_redact_template_id: str,
+    dataset_id: str,
+    table_id: str,
+    timeout: int = 300,
+) -> None:
+    """
+    Uses the Data Loss Prevention API to de-identify files in a Google Cloud
+    Storage directory.
+    Args:
+        project: The Google Cloud project id to use as a parent resource.
+        input_gcs_bucket: The name of google cloud storage bucket to inspect.
+        output_gcs_bucket: The name of google cloud storage bucket where
+            de-identified files would be stored.
+        info_types: A list of strings representing info types to look for.
+            A full list of info type categories can be fetched from the API.
+        deid_template_id: The name of the de-identify template for
+            unstructured and structured files.
+        structured_deid_template_id: The name of the de-identify template
+            for structured files.
+        image_redact_template_id: The name of the image redaction template
+            for images.
+        dataset_id: The identifier of the BigQuery dataset where transformation
+            details would be stored.
+        table_id: The identifier of the BigQuery table where transformation
+            details would be stored.
+        timeout: The number of seconds to wait for a response from the API.
+    """
+
+    # Instantiate a client.
+    dlp = google.cloud.dlp_v2.DlpServiceClient()
+
+    # Construct the configuration dictionary.
+    # Specify the type of info the inspection will look for.
+    # See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
+    inspect_config = {
+        "info_types": [{"name": info_type} for info_type in info_types]
+    }
+
+    # Construct cloud_storage_options dictionary with the bucket's URL.
+    storage_config = {
+        "cloud_storage_options": {
+            "file_set": {
+                "url": f"gs://{input_gcs_bucket}"
+            }
+        }
+    }
+
+    # Specify the big query table to store the transformation details.
+    big_query_table = {
+        "project_id": project,
+        "dataset_id": dataset_id,
+        "table_id": table_id,
+    }
+
+    # Convert the project id into a full resource id.
+    parent = f"projects/{project}"
+
+    # Construct Transformation Configuration with de-identify Templates used
+    # for transformation.
+    transformation_config = {
+        "deidentify_template": f"{parent}/deidentifyTemplates/{deid_template_id}",
+        "structured_deidentify_template": f"{parent}/deidentifyTemplates/{structured_deid_template_id}",
+        "image_redact_template": f"{parent}/deidentifyTemplates/{image_redact_template_id}",
+    }
+
+    # Tell the API where to send notification when the job is completed.
+    actions = [
+        {
+            "deidentify": {
+                "cloud_storage_output": f"gs://{output_gcs_bucket}",
+                "transformation_config": transformation_config,
+                "transformation_details_storage_config": {
+                    "table": big_query_table
+                },
+                "file_types_to_transform": ["IMAGE", "CSV", "TEXT_FILE"],
+            }
+        }
+    ]
+
+    # Construct the job definition.
+    inspect_job = {
+        "inspect_config": inspect_config,
+        "storage_config": storage_config,
+        "actions": actions,
+    }
+
+    # Call the API.
+    response = dlp.create_dlp_job(
+        request={
+            "parent": parent,
+            "inspect_job": inspect_job,
+        }
+    )
+
+    job_name = response.name
+    print(f"Inspection Job started : {job_name}")
+
+    # Waiting for the job to get completed.
+    job = dlp.get_dlp_job(request={"name": job_name})
+    # Since the sleep time is kept as 30s, number of calls would be timeout/30.
+    no_of_attempts = timeout//30
+    while no_of_attempts != 0:
+        # Check if the job has completed.
+        if job.state == google.cloud.dlp_v2.DlpJob.JobState.DONE:
+            break
+        if job.state == google.cloud.dlp_v2.DlpJob.JobState.FAILED:
+            print('Job Failed, Please check the configuration.')
+            break
+
+        # Sleep for a short duration before checking the job status again.
+        time.sleep(30)
+        no_of_attempts -= 1
+
+        # Get DLP job status.
+        job = dlp.get_dlp_job(request={"name": job_name})
+
+    if job.state != google.cloud.dlp_v2.DlpJob.JobState.DONE:
+        print(f"Job did not complete within {timeout} minutes.")
+        return
+
+    # Print out the results.
+    print(f"Job name: {job.name}")
+    result = job.inspect_details.result
+    print(f"Processed Bytes: {result.processed_bytes}")
+    if result.info_type_stats:
+        for stats in result.info_type_stats:
+            print(f"Info type: {stats.info_type.name}")
+            print(f"Count: {stats.count}")
+    else:
+        print("No findings.")
+
+
+# [END dlp_deidentify_cloud_storage]
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser()
+
+    parser.add_argument(
+        "project",
+        help="The Google Cloud project id to use as a parent resource.",
+    )
+    parser.add_argument(
+        "--info_types",
+        action="append",
+        help="Strings representing info types to look for. A full list of "
+             "info categories and types is available from the API. Examples "
+             'include "FIRST_NAME", "LAST_NAME", "EMAIL_ADDRESS". ',
+    )
+    parser.add_argument(
+        "input_gcs_bucket",
+        help="The name of google cloud storage bucket to inspect.",
+    )
+    parser.add_argument(
+        "output_gcs_bucket",
+        help="The name of google cloud storage bucket where "
+             "de-identified files would be stored.",
+    )
+    parser.add_argument(
+        "deid_template_id",
+        help="The name of the de-identify template for unstructured "
+             "and structured files.",
+    )
+    parser.add_argument(
+        "structured_deid_template_id",
+        help="The name of the de-identify template for structured files.",
+    )
+    parser.add_argument(
+        "image_redact_template_id",
+        help="The name of the image redaction template for images.",
+    )
+    parser.add_argument(
+        "dataset_id",
+        help="The identifier of the BigQuery dataset where transformation "
+             "details would be stored.",
+    )
+    parser.add_argument(
+        "table_id",
+        help="The identifier of the BigQuery table where transformation "
+             "details would be stored.",
+    )
+    parser.add_argument(
+        "timeout",
+        help="The number of seconds to wait for a response from the API.",
+    )
+
+    args = parser.parse_args()
+
+    deidentify_cloud_storage(
+        args.project,
+        args.input_gcs_bucket,
+        args.output_gcs_bucket,
+        args.info_types,
+        args.deid_template_id,
+        args.structured_deid_template_id,
+        args.image_redact_template_id,
+        args.dataset_id,
+        args.table_id,
+        args.timeout,
+    )
@@ -0,0 +1,79 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import os
+
+from unittest import mock
+from unittest.mock import MagicMock
+
+import google.cloud.dlp_v2
+import pytest
+
+import deid_cloud_storage
+
+GCLOUD_PROJECT = os.getenv("GOOGLE_CLOUD_PROJECT")
+TXT_FILE = os.path.join(os.path.dirname(__file__), "resources/test.txt")
+
+
+@mock.patch("google.cloud.dlp_v2.DlpServiceClient")
+def test_deidentify_cloud_storage(
+    dlp_client: MagicMock,
+    capsys: pytest.CaptureFixture,
+) -> None:
+    # Configure the mock DLP client and its behavior.
+    mock_dlp_instance = dlp_client.return_value
+
+    # Configure the mock CreateDlpJob DLP method and its behavior.
+    test_job = f"projects/{GCLOUD_PROJECT}/dlpJobs/test_job"
+    mock_dlp_instance.create_dlp_job.return_value.name = test_job
+
+    # Configure the mock GetDlpJob DLP method and its behavior.
+    mock_job = mock_dlp_instance.get_dlp_job.return_value
+    mock_job.name = test_job
+    mock_job.state = google.cloud.dlp_v2.DlpJob.JobState.DONE
+
+    # Considering this file is present in gcs bucket.
+    file = open(TXT_FILE, "r")
+    # read the content of file
+    data = file.read()
+    # get the length of the data
+    number_of_characters = len(data)
+
+    mock_job.inspect_details.result.processed_bytes = number_of_characters
+    mock_job.inspect_details.result.info_type_stats.info_type.name = "EMAIL_ADDRESS"
+    finding = mock_job.inspect_details.result.info_type_stats.info_type
+
+    mock_job.inspect_details.result.info_type_stats = [
+        MagicMock(info_type=finding, count=1),
+    ]
+
+    deid_cloud_storage.deidentify_cloud_storage(
+        GCLOUD_PROJECT,
+        "input_bucket",
+        "output_bucket",
+        ['EMAIL_ADDRESS', 'PERSON_NAME', 'PHONE_NUMBER'],
+        "deidentify_template_name",
+        "structured_deidentify_template_name",
+        "image_redaction_template_name",
+        "DATASET_ID",
+        "TABLE_ID",
+        timeout=1,
+    )
+    out, _ = capsys.readouterr()
+    assert test_job in out
+    assert "Processed Bytes" in out
+    assert "Info type: EMAIL_ADDRESS" in out
+
+    create_job_args = mock_dlp_instance.create_dlp_job.call_args
+    mock_dlp_instance.create_dlp_job.assert_called_once_with(request=create_job_args.kwargs['request'])
+    mock_dlp_instance.get_dlp_job.assert_called_once_with(request={'name': test_job})
@@ -36,6 +36,7 @@
 )
 SURROGATE_TYPE = "SSN_TOKEN"
 CSV_FILE = os.path.join(os.path.dirname(__file__), "resources/dates.csv")
+TXT_FILE = os.path.join(os.path.dirname(__file__), "resources/test.txt")
 DATE_SHIFTED_AMOUNT = 30
 DATE_FIELDS = ["birth_date", "register_date"]
 CSV_CONTEXT_FIELD = "name"
Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,7 @@`
`36`	`36`	`)`
`37`	`37`	`SURROGATE_TYPE = "SSN_TOKEN"`
`38`	`38`	`CSV_FILE = os.path.join(os.path.dirname(__file__), "resources/dates.csv")`
	`39`	`+TXT_FILE = os.path.join(os.path.dirname(__file__), "resources/test.txt")`
`39`	`40`	`DATE_SHIFTED_AMOUNT = 30`
`40`	`41`	`DATE_FIELDS = ["birth_date", "register_date"]`
`41`	`42`	`CSV_CONTEXT_FIELD = "name"`