1. Packages
  2. Datadog
  3. API Docs
  4. SensitiveDataScannerRule
Datadog v4.23.0 published on Wednesday, Sep 27, 2023 by Pulumi

datadog.SensitiveDataScannerRule

Explore with Pulumi AI

datadog logo
Datadog v4.23.0 published on Wednesday, Sep 27, 2023 by Pulumi

    Provides a Datadog SensitiveDataScannerRule resource. This can be used to create and manage Datadog sensitive_data_scanner_rule.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Datadog = Pulumi.Datadog;
    
    return await Deployment.RunAsync(() => 
    {
        // Create new sensitive_data_scanner_rule resource in a sensitive_data_scanner_group
        var mygroup = new Datadog.SensitiveDataScannerGroup("mygroup", new()
        {
            Name = "My new scanning group",
            Description = "A relevant description",
            Filter = new Datadog.Inputs.SensitiveDataScannerGroupFilterArgs
            {
                Query = "service:my-service",
            },
            IsEnabled = true,
            ProductLists = new[]
            {
                "apm",
            },
        });
    
        var myrule = new Datadog.SensitiveDataScannerRule("myrule", new()
        {
            Name = "My new rule",
            Description = "Another description",
            GroupId = mygroup.Id,
            ExcludedNamespaces = new[]
            {
                "username",
            },
            IsEnabled = true,
            Pattern = "myregex",
            Tags = new[]
            {
                "sensitive_data:true",
            },
            TextReplacement = new Datadog.Inputs.SensitiveDataScannerRuleTextReplacementArgs
            {
                NumberOfChars = 0,
                ReplacementString = "",
                Type = "hash",
            },
        });
    
        var awsSp = Datadog.GetSensitiveDataScannerStandardPattern.Invoke(new()
        {
            Filter = "AWS Access Key ID Scanner",
        });
    
        var mylibraryrule = new Datadog.SensitiveDataScannerRule("mylibraryrule", new()
        {
            Name = "My library rule",
            Description = "A description",
            GroupId = mygroup.Id,
            StandardPatternId = awsSp.Apply(getSensitiveDataScannerStandardPatternResult => getSensitiveDataScannerStandardPatternResult.Id),
            ExcludedNamespaces = new[]
            {
                "username",
            },
            IsEnabled = true,
            Tags = new[]
            {
                "sensitive_data:true",
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-datadog/sdk/v4/go/datadog"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		mygroup, err := datadog.NewSensitiveDataScannerGroup(ctx, "mygroup", &datadog.SensitiveDataScannerGroupArgs{
    			Name:        pulumi.String("My new scanning group"),
    			Description: pulumi.String("A relevant description"),
    			Filter: &datadog.SensitiveDataScannerGroupFilterArgs{
    				Query: pulumi.String("service:my-service"),
    			},
    			IsEnabled: pulumi.Bool(true),
    			ProductLists: pulumi.StringArray{
    				pulumi.String("apm"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = datadog.NewSensitiveDataScannerRule(ctx, "myrule", &datadog.SensitiveDataScannerRuleArgs{
    			Name:        pulumi.String("My new rule"),
    			Description: pulumi.String("Another description"),
    			GroupId:     mygroup.ID(),
    			ExcludedNamespaces: pulumi.StringArray{
    				pulumi.String("username"),
    			},
    			IsEnabled: pulumi.Bool(true),
    			Pattern:   pulumi.String("myregex"),
    			Tags: pulumi.StringArray{
    				pulumi.String("sensitive_data:true"),
    			},
    			TextReplacement: &datadog.SensitiveDataScannerRuleTextReplacementArgs{
    				NumberOfChars:     pulumi.Int(0),
    				ReplacementString: pulumi.String(""),
    				Type:              pulumi.String("hash"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		awsSp, err := datadog.GetSensitiveDataScannerStandardPattern(ctx, &datadog.GetSensitiveDataScannerStandardPatternArgs{
    			Filter: "AWS Access Key ID Scanner",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = datadog.NewSensitiveDataScannerRule(ctx, "mylibraryrule", &datadog.SensitiveDataScannerRuleArgs{
    			Name:              pulumi.String("My library rule"),
    			Description:       pulumi.String("A description"),
    			GroupId:           mygroup.ID(),
    			StandardPatternId: *pulumi.String(awsSp.Id),
    			ExcludedNamespaces: pulumi.StringArray{
    				pulumi.String("username"),
    			},
    			IsEnabled: pulumi.Bool(true),
    			Tags: pulumi.StringArray{
    				pulumi.String("sensitive_data:true"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.datadog.SensitiveDataScannerGroup;
    import com.pulumi.datadog.SensitiveDataScannerGroupArgs;
    import com.pulumi.datadog.inputs.SensitiveDataScannerGroupFilterArgs;
    import com.pulumi.datadog.SensitiveDataScannerRule;
    import com.pulumi.datadog.SensitiveDataScannerRuleArgs;
    import com.pulumi.datadog.inputs.SensitiveDataScannerRuleTextReplacementArgs;
    import com.pulumi.datadog.DatadogFunctions;
    import com.pulumi.datadog.inputs.GetSensitiveDataScannerStandardPatternArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var mygroup = new SensitiveDataScannerGroup("mygroup", SensitiveDataScannerGroupArgs.builder()        
                .name("My new scanning group")
                .description("A relevant description")
                .filter(SensitiveDataScannerGroupFilterArgs.builder()
                    .query("service:my-service")
                    .build())
                .isEnabled(true)
                .productLists("apm")
                .build());
    
            var myrule = new SensitiveDataScannerRule("myrule", SensitiveDataScannerRuleArgs.builder()        
                .name("My new rule")
                .description("Another description")
                .groupId(mygroup.id())
                .excludedNamespaces("username")
                .isEnabled(true)
                .pattern("myregex")
                .tags("sensitive_data:true")
                .textReplacement(SensitiveDataScannerRuleTextReplacementArgs.builder()
                    .numberOfChars(0)
                    .replacementString("")
                    .type("hash")
                    .build())
                .build());
    
            final var awsSp = DatadogFunctions.getSensitiveDataScannerStandardPattern(GetSensitiveDataScannerStandardPatternArgs.builder()
                .filter("AWS Access Key ID Scanner")
                .build());
    
            var mylibraryrule = new SensitiveDataScannerRule("mylibraryrule", SensitiveDataScannerRuleArgs.builder()        
                .name("My library rule")
                .description("A description")
                .groupId(mygroup.id())
                .standardPatternId(awsSp.applyValue(getSensitiveDataScannerStandardPatternResult -> getSensitiveDataScannerStandardPatternResult.id()))
                .excludedNamespaces("username")
                .isEnabled(true)
                .tags("sensitive_data:true")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_datadog as datadog
    
    # Create new sensitive_data_scanner_rule resource in a sensitive_data_scanner_group
    mygroup = datadog.SensitiveDataScannerGroup("mygroup",
        name="My new scanning group",
        description="A relevant description",
        filter=datadog.SensitiveDataScannerGroupFilterArgs(
            query="service:my-service",
        ),
        is_enabled=True,
        product_lists=["apm"])
    myrule = datadog.SensitiveDataScannerRule("myrule",
        name="My new rule",
        description="Another description",
        group_id=mygroup.id,
        excluded_namespaces=["username"],
        is_enabled=True,
        pattern="myregex",
        tags=["sensitive_data:true"],
        text_replacement=datadog.SensitiveDataScannerRuleTextReplacementArgs(
            number_of_chars=0,
            replacement_string="",
            type="hash",
        ))
    aws_sp = datadog.get_sensitive_data_scanner_standard_pattern(filter="AWS Access Key ID Scanner")
    mylibraryrule = datadog.SensitiveDataScannerRule("mylibraryrule",
        name="My library rule",
        description="A description",
        group_id=mygroup.id,
        standard_pattern_id=aws_sp.id,
        excluded_namespaces=["username"],
        is_enabled=True,
        tags=["sensitive_data:true"])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as datadog from "@pulumi/datadog";
    
    // Create new sensitive_data_scanner_rule resource in a sensitive_data_scanner_group
    const mygroup = new datadog.SensitiveDataScannerGroup("mygroup", {
        name: "My new scanning group",
        description: "A relevant description",
        filter: {
            query: "service:my-service",
        },
        isEnabled: true,
        productLists: ["apm"],
    });
    const myrule = new datadog.SensitiveDataScannerRule("myrule", {
        name: "My new rule",
        description: "Another description",
        groupId: mygroup.id,
        excludedNamespaces: ["username"],
        isEnabled: true,
        pattern: "myregex",
        tags: ["sensitive_data:true"],
        textReplacement: {
            numberOfChars: 0,
            replacementString: "",
            type: "hash",
        },
    });
    const awsSp = datadog.getSensitiveDataScannerStandardPattern({
        filter: "AWS Access Key ID Scanner",
    });
    const mylibraryrule = new datadog.SensitiveDataScannerRule("mylibraryrule", {
        name: "My library rule",
        description: "A description",
        groupId: mygroup.id,
        standardPatternId: awsSp.then(awsSp => awsSp.id),
        excludedNamespaces: ["username"],
        isEnabled: true,
        tags: ["sensitive_data:true"],
    });
    
    resources:
      # Create new sensitive_data_scanner_rule resource in a sensitive_data_scanner_group
      mygroup:
        type: datadog:SensitiveDataScannerGroup
        properties:
          name: My new scanning group
          description: A relevant description
          filter:
            query: service:my-service
          isEnabled: true
          productLists:
            - apm
      myrule:
        type: datadog:SensitiveDataScannerRule
        properties:
          name: My new rule
          description: Another description
          groupId: ${mygroup.id}
          excludedNamespaces:
            - username
          isEnabled: true
          pattern: myregex
          tags:
            - sensitive_data:true
          textReplacement:
            numberOfChars: 0
            replacementString:
            type: hash
      mylibraryrule:
        type: datadog:SensitiveDataScannerRule
        properties:
          name: My library rule
          description: A description
          groupId: ${mygroup.id}
          # As standard_pattern_id is provided, the resource MUST NOT contain the "pattern" attribute
          standardPatternId: ${awsSp.id}
          excludedNamespaces:
            - username
          isEnabled: true
          tags:
            - sensitive_data:true
    variables:
      awsSp:
        fn::invoke:
          Function: datadog:getSensitiveDataScannerStandardPattern
          Arguments:
            filter: AWS Access Key ID Scanner
    

    Create SensitiveDataScannerRule Resource

    new SensitiveDataScannerRule(name: string, args: SensitiveDataScannerRuleArgs, opts?: CustomResourceOptions);
    @overload
    def SensitiveDataScannerRule(resource_name: str,
                                 opts: Optional[ResourceOptions] = None,
                                 description: Optional[str] = None,
                                 excluded_namespaces: Optional[Sequence[str]] = None,
                                 group_id: Optional[str] = None,
                                 is_enabled: Optional[bool] = None,
                                 name: Optional[str] = None,
                                 namespaces: Optional[Sequence[str]] = None,
                                 pattern: Optional[str] = None,
                                 standard_pattern_id: Optional[str] = None,
                                 tags: Optional[Sequence[str]] = None,
                                 text_replacement: Optional[SensitiveDataScannerRuleTextReplacementArgs] = None)
    @overload
    def SensitiveDataScannerRule(resource_name: str,
                                 args: SensitiveDataScannerRuleArgs,
                                 opts: Optional[ResourceOptions] = None)
    func NewSensitiveDataScannerRule(ctx *Context, name string, args SensitiveDataScannerRuleArgs, opts ...ResourceOption) (*SensitiveDataScannerRule, error)
    public SensitiveDataScannerRule(string name, SensitiveDataScannerRuleArgs args, CustomResourceOptions? opts = null)
    public SensitiveDataScannerRule(String name, SensitiveDataScannerRuleArgs args)
    public SensitiveDataScannerRule(String name, SensitiveDataScannerRuleArgs args, CustomResourceOptions options)
    
    type: datadog:SensitiveDataScannerRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args SensitiveDataScannerRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SensitiveDataScannerRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SensitiveDataScannerRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SensitiveDataScannerRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SensitiveDataScannerRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    SensitiveDataScannerRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The SensitiveDataScannerRule resource accepts the following input properties:

    GroupId string

    Id of the scanning group the rule belongs to.

    Description string

    Description of the rule.

    ExcludedNamespaces List<string>

    Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.

    IsEnabled bool

    Whether or not the rule is enabled.

    Name string

    Name of the rule.

    Namespaces List<string>

    Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.

    Pattern string

    Not included if there is a relationship to a standard pattern.

    StandardPatternId string

    Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.

    Tags List<string>

    List of tags.

    TextReplacement SensitiveDataScannerRuleTextReplacement

    Object describing how the scanned event will be replaced. Defaults to type: none

    GroupId string

    Id of the scanning group the rule belongs to.

    Description string

    Description of the rule.

    ExcludedNamespaces []string

    Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.

    IsEnabled bool

    Whether or not the rule is enabled.

    Name string

    Name of the rule.

    Namespaces []string

    Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.

    Pattern string

    Not included if there is a relationship to a standard pattern.

    StandardPatternId string

    Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.

    Tags []string

    List of tags.

    TextReplacement SensitiveDataScannerRuleTextReplacementArgs

    Object describing how the scanned event will be replaced. Defaults to type: none

    groupId String

    Id of the scanning group the rule belongs to.

    description String

    Description of the rule.

    excludedNamespaces List<String>

    Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.

    isEnabled Boolean

    Whether or not the rule is enabled.

    name String

    Name of the rule.

    namespaces List<String>

    Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.

    pattern String

    Not included if there is a relationship to a standard pattern.

    standardPatternId String

    Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.

    tags List<String>

    List of tags.

    textReplacement SensitiveDataScannerRuleTextReplacement

    Object describing how the scanned event will be replaced. Defaults to type: none

    groupId string

    Id of the scanning group the rule belongs to.

    description string

    Description of the rule.

    excludedNamespaces string[]

    Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.

    isEnabled boolean

    Whether or not the rule is enabled.

    name string

    Name of the rule.

    namespaces string[]

    Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.

    pattern string

    Not included if there is a relationship to a standard pattern.

    standardPatternId string

    Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.

    tags string[]

    List of tags.

    textReplacement SensitiveDataScannerRuleTextReplacement

    Object describing how the scanned event will be replaced. Defaults to type: none

    group_id str

    Id of the scanning group the rule belongs to.

    description str

    Description of the rule.

    excluded_namespaces Sequence[str]

    Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.

    is_enabled bool

    Whether or not the rule is enabled.

    name str

    Name of the rule.

    namespaces Sequence[str]

    Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.

    pattern str

    Not included if there is a relationship to a standard pattern.

    standard_pattern_id str

    Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.

    tags Sequence[str]

    List of tags.

    text_replacement SensitiveDataScannerRuleTextReplacementArgs

    Object describing how the scanned event will be replaced. Defaults to type: none

    groupId String

    Id of the scanning group the rule belongs to.

    description String

    Description of the rule.

    excludedNamespaces List<String>

    Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.

    isEnabled Boolean

    Whether or not the rule is enabled.

    name String

    Name of the rule.

    namespaces List<String>

    Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.

    pattern String

    Not included if there is a relationship to a standard pattern.

    standardPatternId String

    Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.

    tags List<String>

    List of tags.

    textReplacement Property Map

    Object describing how the scanned event will be replaced. Defaults to type: none

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SensitiveDataScannerRule resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    Id string

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    id string

    The provider-assigned unique ID for this managed resource.

    id str

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    Look up Existing SensitiveDataScannerRule Resource

    Get an existing SensitiveDataScannerRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SensitiveDataScannerRuleState, opts?: CustomResourceOptions): SensitiveDataScannerRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            description: Optional[str] = None,
            excluded_namespaces: Optional[Sequence[str]] = None,
            group_id: Optional[str] = None,
            is_enabled: Optional[bool] = None,
            name: Optional[str] = None,
            namespaces: Optional[Sequence[str]] = None,
            pattern: Optional[str] = None,
            standard_pattern_id: Optional[str] = None,
            tags: Optional[Sequence[str]] = None,
            text_replacement: Optional[SensitiveDataScannerRuleTextReplacementArgs] = None) -> SensitiveDataScannerRule
    func GetSensitiveDataScannerRule(ctx *Context, name string, id IDInput, state *SensitiveDataScannerRuleState, opts ...ResourceOption) (*SensitiveDataScannerRule, error)
    public static SensitiveDataScannerRule Get(string name, Input<string> id, SensitiveDataScannerRuleState? state, CustomResourceOptions? opts = null)
    public static SensitiveDataScannerRule get(String name, Output<String> id, SensitiveDataScannerRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Description string

    Description of the rule.

    ExcludedNamespaces List<string>

    Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.

    GroupId string

    Id of the scanning group the rule belongs to.

    IsEnabled bool

    Whether or not the rule is enabled.

    Name string

    Name of the rule.

    Namespaces List<string>

    Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.

    Pattern string

    Not included if there is a relationship to a standard pattern.

    StandardPatternId string

    Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.

    Tags List<string>

    List of tags.

    TextReplacement SensitiveDataScannerRuleTextReplacement

    Object describing how the scanned event will be replaced. Defaults to type: none

    Description string

    Description of the rule.

    ExcludedNamespaces []string

    Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.

    GroupId string

    Id of the scanning group the rule belongs to.

    IsEnabled bool

    Whether or not the rule is enabled.

    Name string

    Name of the rule.

    Namespaces []string

    Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.

    Pattern string

    Not included if there is a relationship to a standard pattern.

    StandardPatternId string

    Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.

    Tags []string

    List of tags.

    TextReplacement SensitiveDataScannerRuleTextReplacementArgs

    Object describing how the scanned event will be replaced. Defaults to type: none

    description String

    Description of the rule.

    excludedNamespaces List<String>

    Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.

    groupId String

    Id of the scanning group the rule belongs to.

    isEnabled Boolean

    Whether or not the rule is enabled.

    name String

    Name of the rule.

    namespaces List<String>

    Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.

    pattern String

    Not included if there is a relationship to a standard pattern.

    standardPatternId String

    Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.

    tags List<String>

    List of tags.

    textReplacement SensitiveDataScannerRuleTextReplacement

    Object describing how the scanned event will be replaced. Defaults to type: none

    description string

    Description of the rule.

    excludedNamespaces string[]

    Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.

    groupId string

    Id of the scanning group the rule belongs to.

    isEnabled boolean

    Whether or not the rule is enabled.

    name string

    Name of the rule.

    namespaces string[]

    Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.

    pattern string

    Not included if there is a relationship to a standard pattern.

    standardPatternId string

    Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.

    tags string[]

    List of tags.

    textReplacement SensitiveDataScannerRuleTextReplacement

    Object describing how the scanned event will be replaced. Defaults to type: none

    description str

    Description of the rule.

    excluded_namespaces Sequence[str]

    Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.

    group_id str

    Id of the scanning group the rule belongs to.

    is_enabled bool

    Whether or not the rule is enabled.

    name str

    Name of the rule.

    namespaces Sequence[str]

    Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.

    pattern str

    Not included if there is a relationship to a standard pattern.

    standard_pattern_id str

    Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.

    tags Sequence[str]

    List of tags.

    text_replacement SensitiveDataScannerRuleTextReplacementArgs

    Object describing how the scanned event will be replaced. Defaults to type: none

    description String

    Description of the rule.

    excludedNamespaces List<String>

    Attributes excluded from the scan. If namespaces is provided, it has to be a sub-path of the namespaces array.

    groupId String

    Id of the scanning group the rule belongs to.

    isEnabled Boolean

    Whether or not the rule is enabled.

    name String

    Name of the rule.

    namespaces List<String>

    Attributes included in the scan. If namespaces is empty or missing, all attributes except excluded_namespaces are scanned. If both are missing the whole event is scanned.

    pattern String

    Not included if there is a relationship to a standard pattern.

    standardPatternId String

    Id of the standard pattern the rule refers to. If provided, then pattern must not be provided.

    tags List<String>

    List of tags.

    textReplacement Property Map

    Object describing how the scanned event will be replaced. Defaults to type: none

    Supporting Types

    SensitiveDataScannerRuleTextReplacement, SensitiveDataScannerRuleTextReplacementArgs

    Type string

    Type of the replacement text. None means no replacement. hash means the data will be stubbed. replacementstring means that one can chose a text to replace the data. partialreplacementfrombeginning allows a user to partially replace the data from the beginning, and partialreplacementfrom_end on the other hand, allows to replace data from the end. Valid values are none, hash, replacement_string, partial_replacement_from_beginning, partial_replacement_from_end.

    NumberOfChars int

    Required if type == 'partialreplacementfrombeginning' or 'partialreplacementfromend'. It must be > 0.

    ReplacementString string

    Required if type == 'replacement_string'.

    Type string

    Type of the replacement text. None means no replacement. hash means the data will be stubbed. replacementstring means that one can chose a text to replace the data. partialreplacementfrombeginning allows a user to partially replace the data from the beginning, and partialreplacementfrom_end on the other hand, allows to replace data from the end. Valid values are none, hash, replacement_string, partial_replacement_from_beginning, partial_replacement_from_end.

    NumberOfChars int

    Required if type == 'partialreplacementfrombeginning' or 'partialreplacementfromend'. It must be > 0.

    ReplacementString string

    Required if type == 'replacement_string'.

    type String

    Type of the replacement text. None means no replacement. hash means the data will be stubbed. replacementstring means that one can chose a text to replace the data. partialreplacementfrombeginning allows a user to partially replace the data from the beginning, and partialreplacementfrom_end on the other hand, allows to replace data from the end. Valid values are none, hash, replacement_string, partial_replacement_from_beginning, partial_replacement_from_end.

    numberOfChars Integer

    Required if type == 'partialreplacementfrombeginning' or 'partialreplacementfromend'. It must be > 0.

    replacementString String

    Required if type == 'replacement_string'.

    type string

    Type of the replacement text. None means no replacement. hash means the data will be stubbed. replacementstring means that one can chose a text to replace the data. partialreplacementfrombeginning allows a user to partially replace the data from the beginning, and partialreplacementfrom_end on the other hand, allows to replace data from the end. Valid values are none, hash, replacement_string, partial_replacement_from_beginning, partial_replacement_from_end.

    numberOfChars number

    Required if type == 'partialreplacementfrombeginning' or 'partialreplacementfromend'. It must be > 0.

    replacementString string

    Required if type == 'replacement_string'.

    type str

    Type of the replacement text. None means no replacement. hash means the data will be stubbed. replacementstring means that one can chose a text to replace the data. partialreplacementfrombeginning allows a user to partially replace the data from the beginning, and partialreplacementfrom_end on the other hand, allows to replace data from the end. Valid values are none, hash, replacement_string, partial_replacement_from_beginning, partial_replacement_from_end.

    number_of_chars int

    Required if type == 'partialreplacementfrombeginning' or 'partialreplacementfromend'. It must be > 0.

    replacement_string str

    Required if type == 'replacement_string'.

    type String

    Type of the replacement text. None means no replacement. hash means the data will be stubbed. replacementstring means that one can chose a text to replace the data. partialreplacementfrombeginning allows a user to partially replace the data from the beginning, and partialreplacementfrom_end on the other hand, allows to replace data from the end. Valid values are none, hash, replacement_string, partial_replacement_from_beginning, partial_replacement_from_end.

    numberOfChars Number

    Required if type == 'partialreplacementfrombeginning' or 'partialreplacementfromend'. It must be > 0.

    replacementString String

    Required if type == 'replacement_string'.

    Import

     $ pulumi import datadog:index/sensitiveDataScannerRule:SensitiveDataScannerRule new_list ""
    

    Package Details

    Repository
    Datadog pulumi/pulumi-datadog
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the datadog Terraform Provider.

    datadog logo
    Datadog v4.23.0 published on Wednesday, Sep 27, 2023 by Pulumi