googleBigqueryDatapolicyDataPolicy
A BigQuery Data Policy
To get more information about DataPolicy, see:
- API documentation
- How-to Guides
- Official Documentation
Example Usage - Bigquery Datapolicy Data Policy Basic
    /*Provider bindings are generated by running cdktf get.
    See https://cdk.tf/provider-generation for more details.*/
    import * as google from "./.gen/providers/google";
    /*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
    For a more precise conversion please use the --provider flag in convert.*/
    // `this` is the enclosing construct scope (for example a TerraformStack).
    // Property names are camelCase, matching the Argument Reference below.

    // Taxonomy that holds the policy tags, with fine-grained access control enabled.
    const googleDataCatalogTaxonomyTaxonomy =
      new google.dataCatalogTaxonomy.DataCatalogTaxonomy(this, "taxonomy", {
        activatedPolicyTypes: ["FINE_GRAINED_ACCESS_CONTROL"],
        description: "A collection of policy tags",
        displayName: "taxonomy",
        region: "us-central1",
      });

    // Policy tag that the data policy is attached to.
    const googleDataCatalogPolicyTagPolicyTag =
      new google.dataCatalogPolicyTag.DataCatalogPolicyTag(this, "policy_tag", {
        description: "A policy tag normally associated with low security items",
        displayName: "Low security",
        taxonomy: googleDataCatalogTaxonomyTaxonomy.id,
      });

    // Data policy in the same location as the taxonomy, bound to the policy tag.
    new google.bigqueryDatapolicyDataPolicy.BigqueryDatapolicyDataPolicy(
      this,
      "data_policy",
      {
        dataPolicyId: "data_policy",
        dataPolicyType: "COLUMN_LEVEL_SECURITY_POLICY",
        location: "us-central1",
        policyTag: googleDataCatalogPolicyTagPolicyTag.name,
      }
    );
Argument Reference
The following arguments are supported:
- dataPolicyId - (Required) User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name.
- location - (Required) The name of the location of the data policy.
- policyTag - (Required) Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}.
- dataPolicyType - (Required) The enrollment level of the service. Possible values are columnLevelSecurityPolicy and dataMaskingPolicy.
- dataMaskingPolicy - (Optional) The data masking policy that specifies the data masking rule to use. Structure is documented below.
- project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
The dataMaskingPolicy block supports:
- predefinedExpression - (Required) The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. Possible values are sha256, alwaysNull, defaultMaskingValue, lastFourCharacters, firstFourCharacters, emailMask, and dateYearMask.
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
- id - an identifier for the resource with format projects/{{project}}/locations/{{location}}/dataPolicies/{{dataPolicyId}}
- name - Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}.
Timeouts
This resource provides the following Timeouts configuration options:
- create - Default is 20 minutes.
- update - Default is 20 minutes.
- delete - Default is 20 minutes.
Import
DataPolicy can be imported using any of these accepted formats:
$ terraform import google_bigquery_datapolicy_data_policy.default projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}
$ terraform import google_bigquery_datapolicy_data_policy.default {{project}}/{{location}}/{{data_policy_id}}
$ terraform import google_bigquery_datapolicy_data_policy.default {{location}}/{{data_policy_id}}
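The three import formats above all resolve to the same id attribute. The following is an added example, not code from the provider or this page: a pre-import check that normalises any of the three forms to the canonical id and rejects empty segments or unresolved {{placeholder}} text. All function names are hypothetical; it assumes the two-part form takes its project from the provider configuration, and that the policy tag's location is compared with the data policy's location because the example above places both in us-central1.

```typescript
// Added example, not provider code. All function names are hypothetical.
interface DataPolicyRef { project: string; location: string; dataPolicyId: string }

// One path segment: non-empty, no "/", whitespace or unresolved {{placeholder}}.
const SEGMENT = /^[^\/\s{}]+$/;

function segment(value: string | undefined, what: string): string {
  if (value === undefined || !SEGMENT.test(value)) {
    throw new Error(`invalid or missing ${what}`);
  }
  return value;
}

// Accepts the three import formats listed above. Assumption: the two-part
// form takes its project from the provider configuration (providerProject).
function parseDataPolicyImportId(importId: string, providerProject?: string): DataPolicyRef {
  const p = importId.split("/");
  let fields: (string | undefined)[];
  if (p.length === 6 && p[0] === "projects" && p[2] === "locations" && p[4] === "dataPolicies") {
    fields = [p[1], p[3], p[5]];
  } else if (p.length === 3) {
    fields = p;
  } else if (p.length === 2) {
    fields = [providerProject, p[0], p[1]];
  } else {
    throw new Error(`unrecognised data policy import id: "${importId}"`);
  }
  return {
    project: segment(fields[0], "project"),
    location: segment(fields[1], "location"),
    dataPolicyId: segment(fields[2], "data policy id"),
  };
}

// Canonical form, matching the exported `id` attribute.
function canonicalDataPolicyId(ref: DataPolicyRef): string {
  return `projects/${ref.project}/locations/${ref.location}/dataPolicies/${ref.dataPolicyId}`;
}

// Location segment of a policyTag resource name, for comparing against the
// data policy's location before apply.
function policyTagLocation(name: string): string {
  const m = /^projects\/[^\/]+\/locations\/([^\/]+)\/taxonomies\/[^\/]+\/policyTags\/[^\/]+$/.exec(name);
  if (m === null) throw new Error(`not a policy tag resource name: "${name}"`);
  return segment(m[1], "policy tag location");
}
```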
User Project Overrides
This resource supports User Project Overrides.