googleBigqueryDatapolicyDataPolicy

A BigQuery Data Policy

To get more information about DataPolicy, see:

Example Usage - Bigquery Datapolicy Data Policy Basic

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*This snippet belongs inside a construct such as a TerraformStack constructor, where `this` is the scope.
Property names are camelCase, matching the Argument Reference below.*/
const googleDataCatalogTaxonomyTaxonomy =
  new google.dataCatalogTaxonomy.DataCatalogTaxonomy(this, "taxonomy", {
    activatedPolicyTypes: ["FINE_GRAINED_ACCESS_CONTROL"],
    description: "A collection of policy tags",
    displayName: "taxonomy",
    region: "us-central1",
  });
const googleDataCatalogPolicyTagPolicyTag =
  new google.dataCatalogPolicyTag.DataCatalogPolicyTag(this, "policy_tag", {
    description: "A policy tag normally associated with low security items",
    displayName: "Low security",
    taxonomy: googleDataCatalogTaxonomyTaxonomy.id,
  });
// Column-level security policy bound to the policy tag created above.
new google.bigqueryDatapolicyDataPolicy.BigqueryDatapolicyDataPolicy(
  this,
  "data_policy",
  {
    dataPolicyId: "data_policy",
    dataPolicyType: "COLUMN_LEVEL_SECURITY_POLICY",
    location: "us-central1",
    policyTag: googleDataCatalogPolicyTagPolicyTag.name,
  }
);

Argument Reference

The following arguments are supported:

  • dataPolicyId - (Required) User-assigned (human-readable) ID of the data policy. It must be unique within a project. Used as {dataPolicyId} in the resource name.

  • location - (Required) The name of the location of the data policy.

  • policyTag - (Required) Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}.

  • dataPolicyType - (Required) The enrollment level of the service. Possible values are COLUMN_LEVEL_SECURITY_POLICY and DATA_MASKING_POLICY.

  • dataMaskingPolicy - (Optional) The data masking policy that specifies the data masking rule to use. Structure is documented below.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The dataMaskingPolicy block supports:

  • predefinedExpression - (Required) The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. Possible values are SHA256, ALWAYS_NULL, DEFAULT_MASKING_VALUE, LAST_FOUR_CHARACTERS, FIRST_FOUR_CHARACTERS, EMAIL_MASK, and DATE_YEAR_MASK.
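
A check for the arguments described above that can run before synth, as an added example that is not part of the provider or its generated bindings. `checkDataPolicy`, the sample objects and the finding messages are hypothetical names, and the enum strings are the upper-case API values, as with `COLUMN_LEVEL_SECURITY_POLICY` in the usage example. Two rules are assumptions rather than statements from this page: that a `DATA_MASKING_POLICY` needs a `dataMaskingPolicy` block, and that the policy tag's location must equal the data policy's `location`.

```typescript
// Added example (not provider code): lint data policy arguments before synth.
interface DataPolicyInput {
  dataPolicyId: string;
  location: string;
  policyTag: string;
  dataPolicyType: string;
  dataMaskingPolicy?: { predefinedExpression: string };
}
const POLICY_TYPES = ["COLUMN_LEVEL_SECURITY_POLICY", "DATA_MASKING_POLICY"];
const MASKING_RULES = ["SHA256", "ALWAYS_NULL", "DEFAULT_MASKING_VALUE", "LAST_FOUR_CHARACTERS",
  "FIRST_FOUR_CHARACTERS", "EMAIL_MASK", "DATE_YEAR_MASK"];
// projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}
const POLICY_TAG_RE = /^projects\/[^\/]+\/locations\/([^\/]+)\/taxonomies\/[^\/]+\/policyTags\/[^\/]+$/;

function checkDataPolicy(p: DataPolicyInput): string[] {
  const findings: string[] = [];
  if (POLICY_TYPES.indexOf(p.dataPolicyType) === -1) {
    findings.push(`unknown dataPolicyType "${p.dataPolicyType}"`);
  }
  const tag = POLICY_TAG_RE.exec(p.policyTag);
  if (tag === null) {
    findings.push("policyTag is not a full policy tag resource name");
  } else if (tag[1] !== p.location) {
    // Assumption: the tag and the data policy must live in the same location.
    findings.push(`policyTag location "${tag[1]}" differs from location "${p.location}"`);
  }
  const rule = p.dataMaskingPolicy ? p.dataMaskingPolicy.predefinedExpression : undefined;
  if (p.dataPolicyType === "DATA_MASKING_POLICY") {
    // Assumption: a masking policy without a rule is a misconfiguration.
    if (rule === undefined) findings.push("DATA_MASKING_POLICY without dataMaskingPolicy");
    else if (MASKING_RULES.indexOf(rule) === -1) findings.push(`unknown predefinedExpression "${rule}"`);
  } else if (rule !== undefined) {
    findings.push("dataMaskingPolicy set on a policy that is not DATA_MASKING_POLICY");
  }
  return findings;
}

// Constructed sample inputs (project, taxonomy and tag numbers are made up).
const SAMPLE_OK: DataPolicyInput = {
  dataPolicyId: "data_policy", location: "us-central1", dataPolicyType: "DATA_MASKING_POLICY",
  policyTag: "projects/123/locations/us-central1/taxonomies/456/policyTags/789",
  dataMaskingPolicy: { predefinedExpression: "SHA256" },
};
const SAMPLE_BAD: DataPolicyInput = {
  ...SAMPLE_OK,
  policyTag: "projects/123/locations/eu/taxonomies/456/policyTags/789",
  dataMaskingPolicy: { predefinedExpression: "sha256" }, // wrong case, rejected
};
console.log(checkDataPolicy(SAMPLE_OK), checkDataPolicy(SAMPLE_BAD));
```

An empty result means the arguments passed every check; each string in a non-empty result names one argument to fix before deploying.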

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/locations/{{location}}/dataPolicies/{{dataPolicyId}}

  • name - Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}.

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

DataPolicy can be imported using any of these accepted formats:

$ terraform import google_bigquery_datapolicy_data_policy.default projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}
$ terraform import google_bigquery_datapolicy_data_policy.default {{project}}/{{location}}/{{data_policy_id}}
$ terraform import google_bigquery_datapolicy_data_policy.default {{location}}/{{data_policy_id}}

User Project Overrides

This resource supports User Project Overrides.