RB-21
diff --git a/‎dlp/README.md‎
Lines changed: 62 additions & 0 deletions b/‎dlp/README.md‎
Lines changed: 62 additions & 0 deletions
diff --git a/‎dlp/src/inspect_bigquery_send_to_scc.php‎
Lines changed: 147 additions & 0 deletions b/‎dlp/src/inspect_bigquery_send_to_scc.php‎
Lines changed: 147 additions & 0 deletions
diff --git a/‎dlp/src/inspect_datastore_send_to_scc.php‎
Lines changed: 145 additions & 0 deletions b/‎dlp/src/inspect_datastore_send_to_scc.php‎
Lines changed: 145 additions & 0 deletions
@@ -45,6 +45,68 @@ This simple command-line application demonstrates how to invoke
 
 See the [DLP Documentation](https://cloud.google.com/dlp/docs/inspecting-text) for more information.
 
+## Testing
+
+### Setup
+- Ensure that `GOOGLE_APPLICATION_CREDENTIALS` points to authorized service account credentials file.
+- [Create a Google Cloud Project](https://console.cloud.google.com/projectcreate) and set the `GOOGLE_PROJECT_ID` environment variable.
+    ```
+    export GOOGLE_PROJECT_ID=YOUR_PROJECT_ID
+    ```
+- [Create a Google Cloud Storage bucket](https://console.cloud.google.com/storage) and upload [test.txt](src/test/data/test.txt).
+    - Set the `GOOGLE_STORAGE_BUCKET` environment variable. 
+    - Set the `GCS_PATH` environment variable to point to the path for the bucket file.
+    ```
+    export GOOGLE_STORAGE_BUCKET=YOUR_BUCKET
+    export GCS_PATH=gs://GOOGLE_STORAGE_BUCKET/test.txt
+    ```
+- Set the `DLP_DEID_WRAPPED_KEY` environment variable to an AES-256 key encrypted ('wrapped') [with a Cloud Key Management Service (KMS) key](https://cloud.google.com/kms/docs/encrypt-decrypt).
+- Set the `DLP_DEID_KEY_NAME` environment variable to the path-name of the Cloud KMS key you wrapped `DLP_DEID_WRAPPED_KEY` with.
+    ```
+    export DLP_DEID_WRAPPED_KEY=YOUR_ENCRYPTED_AES_256_KEY
+    export DLP_DEID_KEY_NAME=projects/GOOGLE_PROJECT_ID/locations/YOUR_LOCATION/keyRings/YOUR_KEYRING_NAME/cryptoKeys/YOUR_KEY_NAME
+    ```
+- [Create a De-identify templates](https://console.cloud.google.com/security/dlp/create/template;template=deidentifyTemplate)
+    - Create default de-identify template for unstructured file.
+    - Create a de-identify template for  structured files.
+    - Create image redaction template for images.
+    ```
+    export DLP_DEIDENTIFY_TEMPLATE=YOUR_DEFAULT_DEIDENTIFY_TEMPLATE
+    export DLP_STRUCTURED_DEIDENTIFY_TEMPLATE=YOUR_STRUCTURED_DEIDENTIFY_TEMPLATE
+    export DLP_IMAGE_REDACT_DEIDENTIFY_TEMPLATE=YOUR_IMAGE_REDACT_TEMPLATE
+    ```
+- Copy and paste the data below into a CSV file and [create a BigQuery table](https://cloud.google.com/bigquery/docs/loading-data-local) from the file:
+    ```$xslt
+    Name,TelephoneNumber,Mystery,Age,Gender
+    James,(567) 890-1234,8291 3627 8250 1234,19,Male
+    Gandalf,(223) 456-7890,4231 5555 6781 9876,27,Male
+    Dumbledore,(313) 337-1337,6291 8765 1095 7629,27,Male
+    Joe,(452) 223-1234,3782 2288 1166 3030,35,Male
+    Marie,(452) 223-1234,8291 3627 8250 1234,35,Female
+    Carrie,(567) 890-1234,2253 5218 4251 4526,35,Female
+    ```
+  Set the `DLP_DATASET_ID` and `DLP_TABLE_ID` environment values.
+  ```
+  export DLP_DATASET_ID=YOUR_BIGQUERY_DATASET_ID
+  export DLP_TABLE_ID=YOUR_TABLE_ID
+  ```
+- [Create a Google Cloud Datastore](https://console.cloud.google.com/datastore) kind and add an entity with properties:
+    ```
+    Email : [email protected]
+    Person Name : John
+    Phone Number : 343-343-3435
+
+    Email : [email protected]
+    Person Name : Gary
+    Phone Number : 343-443-3136
+    ```
+    Provide namespace and kind values.
+    -   Set the environment variables `DLP_NAMESPACE_ID` and `DLP_DATASTORE_KIND` with the values provided in above step.
+    ```
+    export DLP_NAMESPACE_ID=YOUR_NAMESPACE_ID
+    export DLP_DATASTORE_KIND=YOUR_DATASTORE_KIND
+    ```
+
 ## Troubleshooting
 
 ### bcmath extension missing
 
@@ -0,0 +1,147 @@
+<?php
+/**
+ * Copyright 2023 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the samples:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/dlp/README.md
+ */
+
+namespace Google\Cloud\Samples\Dlp;
+
+# [START dlp_inspect_bigquery_send_to_scc]
+use Google\Cloud\Dlp\V2\DlpServiceClient;
+use Google\Cloud\Dlp\V2\InfoType;
+use Google\Cloud\Dlp\V2\InspectConfig;
+use Google\Cloud\Dlp\V2\InspectConfig\FindingLimits;
+use Google\Cloud\Dlp\V2\StorageConfig;
+use Google\Cloud\Dlp\V2\Likelihood;
+use Google\Cloud\Dlp\V2\Action;
+use Google\Cloud\Dlp\V2\Action\PublishSummaryToCscc;
+use Google\Cloud\Dlp\V2\BigQueryOptions;
+use Google\Cloud\Dlp\V2\BigQueryTable;
+use Google\Cloud\Dlp\V2\InspectJobConfig;
+use Google\Cloud\Dlp\V2\DlpJob\JobState;
+
+/**
+ * (BIGQUERY) Send Cloud DLP scan results to Security Command Center.
+ * Using Cloud Data Loss Prevention to scan specific Google Cloud resources and send data to Security Command Center.
+ *
+ * @param string $callingProjectId  The project ID to run the API call under.
+ * @param string $projectId         The ID of the Project.
+ * @param string $datasetId         The ID of the BigQuery Dataset.
+ * @param string $tableId           The ID of the BigQuery Table to be inspected.
+ */
+function inspect_bigquery_send_to_scc(
+    // TODO(developer): Replace sample parameters before running the code.
+    string $callingProjectId,
+    string $projectId,
+    string $datasetId,
+    string $tableId
+): void {
+    // Instantiate a client.
+    $dlp = new DlpServiceClient();
+
+    // Construct the items to be inspected.
+    $bigqueryTable = (new BigQueryTable())
+        ->setProjectId($projectId)
+        ->setDatasetId($datasetId)
+        ->setTableId($tableId);
+    $bigQueryOptions = (new BigQueryOptions())
+        ->setTableReference($bigqueryTable);
+
+    $storageConfig = (new StorageConfig())
+        ->setBigQueryOptions(($bigQueryOptions));
+
+    // Specify the type of info the inspection will look for.
+    $infoTypes = [
+        (new InfoType())->setName('EMAIL_ADDRESS'),
+        (new InfoType())->setName('PERSON_NAME'),
+        (new InfoType())->setName('LOCATION'),
+        (new InfoType())->setName('PHONE_NUMBER')
+    ];
+
+    // Specify how the content should be inspected.
+    $inspectConfig = (new InspectConfig())
+        ->setMinLikelihood(likelihood::UNLIKELY)
+        ->setLimits((new FindingLimits())
+            ->setMaxFindingsPerRequest(100))
+        ->setInfoTypes($infoTypes)
+        ->setIncludeQuote(true);
+
+    // Specify the action that is triggered when the job completes.
+    $action = (new Action())
+        ->setPublishSummaryToCscc(new PublishSummaryToCscc());
+
+    // Configure the inspection job we want the service to perform.
+    $inspectJobConfig = (new InspectJobConfig())
+        ->setInspectConfig($inspectConfig)
+        ->setStorageConfig($storageConfig)
+        ->setActions([$action]);
+
+    // Send the job creation request and process the response.
+    $parent = "projects/$callingProjectId/locations/global";
+    $job = $dlp->createDlpJob($parent, [
+        'inspectJob' => $inspectJobConfig
+    ]);
+
+    $numOfAttempts = 10;
+    do {
+        printf('Waiting for job to complete' . PHP_EOL);
+        sleep(10);
+        $job = $dlp->getDlpJob($job->getName());
+        if ($job->getState() == JobState::DONE) {
+            break;
+        }
+        $numOfAttempts--;
+    } while ($numOfAttempts > 0);
+
+    // Print finding counts.
+    printf('Job %s status: %s' . PHP_EOL, $job->getName(), JobState::name($job->getState()));
+    switch ($job->getState()) {
+        case JobState::DONE:
+            $infoTypeStats = $job->getInspectDetails()->getResult()->getInfoTypeStats();
+            if (count($infoTypeStats) === 0) {
+                printf('No findings.' . PHP_EOL);
+            } else {
+                foreach ($infoTypeStats as $infoTypeStat) {
+                    printf(
+                        '  Found %s instance(s) of infoType %s' . PHP_EOL,
+                        $infoTypeStat->getCount(),
+                        $infoTypeStat->getInfoType()->getName()
+                    );
+                }
+            }
+            break;
+        case JobState::FAILED:
+            printf('Job %s had errors:' . PHP_EOL, $job->getName());
+            $errors = $job->getErrors();
+            foreach ($errors as $error) {
+                var_dump($error->getDetails());
+            }
+            break;
+        case JobState::PENDING:
+            printf('Job has not completed. Consider a longer timeout or an asynchronous execution model' . PHP_EOL);
+            break;
+        default:
+            printf('Unexpected job state. Most likely, the job is either running or has not yet started.');
+    }
+}
+# [END dlp_inspect_bigquery_send_to_scc]
+// The following 2 lines are only needed to run the samples
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);
@@ -0,0 +1,145 @@
+<?php
+/**
+ * Copyright 2023 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the samples:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/dlp/README.md
+ */
+
+namespace Google\Cloud\Samples\Dlp;
+
+# [START dlp_inspect_datastore_send_to_scc]
+use Google\Cloud\Dlp\V2\DlpServiceClient;
+use Google\Cloud\Dlp\V2\InfoType;
+use Google\Cloud\Dlp\V2\InspectConfig;
+use Google\Cloud\Dlp\V2\InspectConfig\FindingLimits;
+use Google\Cloud\Dlp\V2\StorageConfig;
+use Google\Cloud\Dlp\V2\Likelihood;
+use Google\Cloud\Dlp\V2\Action;
+use Google\Cloud\Dlp\V2\Action\PublishSummaryToCscc;
+use Google\Cloud\Dlp\V2\DatastoreOptions;
+use Google\Cloud\Dlp\V2\InspectJobConfig;
+use Google\Cloud\Dlp\V2\KindExpression;
+use Google\Cloud\Dlp\V2\PartitionId;
+use Google\Cloud\Dlp\V2\DlpJob\JobState;
+
+/**
+ * (DATASTORE) Send Cloud DLP scan results to Security Command Center.
+ * Using Cloud Data Loss Prevention to scan specific Google Cloud resources and send data to Security Command Center.
+ *
+ * @param string $callingProjectId  The project ID to run the API call under.
+ * @param string $kindName          Datastore kind name to be inspected.
+ * @param string $namespaceId       Namespace Id to be inspected.
+ */
+function inspect_datastore_send_to_scc(
+    string $callingProjectId,
+    string $kindName,
+    string $namespaceId
+): void {
+    // Instantiate a client.
+    $dlp = new DlpServiceClient();
+
+    // Construct the items to be inspected.
+    $datastoreOptions = (new DatastoreOptions())
+        ->setKind((new KindExpression())
+            ->setName($kindName))
+        ->setPartitionId((new PartitionId())
+            ->setNamespaceId($namespaceId)
+            ->setProjectId($callingProjectId));
+
+    $storageConfig = (new StorageConfig())
+        ->setDatastoreOptions(($datastoreOptions));
+
+    // Specify the type of info the inspection will look for.
+    $infoTypes = [
+        (new InfoType())->setName('EMAIL_ADDRESS'),
+        (new InfoType())->setName('PERSON_NAME'),
+        (new InfoType())->setName('LOCATION'),
+        (new InfoType())->setName('PHONE_NUMBER')
+    ];
+
+    // Specify how the content should be inspected.
+    $inspectConfig = (new InspectConfig())
+        ->setMinLikelihood(likelihood::UNLIKELY)
+        ->setLimits((new FindingLimits())
+            ->setMaxFindingsPerRequest(100))
+        ->setInfoTypes($infoTypes)
+        ->setIncludeQuote(true);
+
+    // Specify the action that is triggered when the job completes.
+    $action = (new Action())
+        ->setPublishSummaryToCscc(new PublishSummaryToCscc());
+
+    // Construct inspect job config to run.
+    $inspectJobConfig = (new InspectJobConfig())
+        ->setInspectConfig($inspectConfig)
+        ->setStorageConfig($storageConfig)
+        ->setActions([$action]);
+
+    // Send the job creation request and process the response.
+    $parent = "projects/$callingProjectId/locations/global";
+    $job = $dlp->createDlpJob($parent, [
+        'inspectJob' => $inspectJobConfig
+    ]);
+
+    $numOfAttempts = 10;
+    do {
+        printf('Waiting for job to complete' . PHP_EOL);
+        sleep(10);
+        $job = $dlp->getDlpJob($job->getName());
+        if ($job->getState() == JobState::DONE) {
+            break;
+        }
+        $numOfAttempts--;
+    } while ($numOfAttempts > 0);
+
+    // Print finding counts.
+    printf('Job %s status: %s' . PHP_EOL, $job->getName(), JobState::name($job->getState()));
+    switch ($job->getState()) {
+        case JobState::DONE:
+            $infoTypeStats = $job->getInspectDetails()->getResult()->getInfoTypeStats();
+            if (count($infoTypeStats) === 0) {
+                printf('No findings.' . PHP_EOL);
+            } else {
+                foreach ($infoTypeStats as $infoTypeStat) {
+                    printf(
+                        '  Found %s instance(s) of infoType %s' . PHP_EOL,
+                        $infoTypeStat->getCount(),
+                        $infoTypeStat->getInfoType()->getName()
+                    );
+                }
+            }
+            break;
+        case JobState::FAILED:
+            printf('Job %s had errors:' . PHP_EOL, $job->getName());
+            $errors = $job->getErrors();
+            foreach ($errors as $error) {
+                var_dump($error->getDetails());
+            }
+            break;
+        case JobState::PENDING:
+            printf('Job has not completed. Consider a longer timeout or an asynchronous execution model' . PHP_EOL);
+            break;
+        default:
+            printf('Unexpected job state. Most likely, the job is either running or has not yet started.');
+    }
+}
+# [END dlp_inspect_datastore_send_to_scc]
+// The following 2 lines are only needed to run the samples
+require_once __DIR__ . '/../../testing/sample_helpers.php';
+\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv);