subcategory | page_title | description |
---|---|---|
BigQuery Data Policy | Google: google_bigquery_datapolicy_data_policy | A BigQuery Data Policy |
A BigQuery Data Policy
~> Warning: This resource is in beta, and should be used with the terraform-provider-google-beta provider. See Provider Versions for more details on beta resources.
To get more information about DataPolicy, see:
- API documentation
- How-to Guides
```hcl
resource "google_bigquery_datapolicy_data_policy" "data_policy" {
  provider         = google-beta
  location         = "us-central1"
  data_policy_id   = "data_policy"
  policy_tag       = google_data_catalog_policy_tag.policy_tag.name
  data_policy_type = "COLUMN_LEVEL_SECURITY_POLICY"
}

resource "google_data_catalog_policy_tag" "policy_tag" {
  provider     = google-beta
  taxonomy     = google_data_catalog_taxonomy.taxonomy.id
  display_name = "Low security"
  description  = "A policy tag normally associated with low security items"
}

resource "google_data_catalog_taxonomy" "taxonomy" {
  provider               = google-beta
  region                 = "us-central1"
  display_name           = "taxonomy"
  description            = "A collection of policy tags"
  activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
}
```
The following arguments are supported:
- `data_policy_id` - (Required) User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name.
- `location` - (Required) The name of the location of the data policy.
- `policy_tag` - (Required) Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}.
- `data_policy_type` - (Required) The enrollment level of the service. Possible values are `COLUMN_LEVEL_SECURITY_POLICY` and `DATA_MASKING_POLICY`.
- `data_masking_policy` - (Optional) The data masking policy that specifies the data masking rule to use. Structure is documented below.
- `project` - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
The `data_masking_policy` block supports:
- `predefined_expression` - (Required) The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. Possible values are `SHA256`, `ALWAYS_NULL`, and `DEFAULT_MASKING_VALUE`.
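The example at the top of this page only shows `COLUMN_LEVEL_SECURITY_POLICY`. The following added example (not part of the provider's own documentation) shows the `DATA_MASKING_POLICY` type with the `data_masking_policy` block described above; the resource names, display names and descriptions are constructed for illustration.

```hcl
# Added example: a data policy that masks tagged columns with SHA256.
# All names, display names and descriptions below are constructed.
resource "google_data_catalog_taxonomy" "masking_taxonomy" {
  provider               = google-beta
  region                 = "us-central1"
  display_name           = "masking_taxonomy"
  description            = "Policy tags for columns that are masked on read"
  activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
}

resource "google_data_catalog_policy_tag" "masked_tag" {
  provider     = google-beta
  taxonomy     = google_data_catalog_taxonomy.masking_taxonomy.id
  display_name = "Masked"
  description  = "A policy tag for columns whose values are masked"
}

resource "google_bigquery_datapolicy_data_policy" "masking_policy" {
  provider       = google-beta
  # Same location as the taxonomy region, as in the page's own example.
  location       = "us-central1"
  data_policy_id = "masking_policy"
  policy_tag     = google_data_catalog_policy_tag.masked_tag.name

  # Selects masking rather than plain column-level access control.
  data_policy_type = "DATA_MASKING_POLICY"

  data_masking_policy {
    # One of SHA256, ALWAYS_NULL or DEFAULT_MASKING_VALUE.
    predefined_expression = "SHA256"
  }
}
```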
In addition to the arguments listed above, the following computed attributes are exported:
- `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}`
- `name` - Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}.
This resource provides the following Timeouts configuration options:
- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
DataPolicy can be imported using any of these accepted formats:
```
$ terraform import google_bigquery_datapolicy_data_policy.default projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}
$ terraform import google_bigquery_datapolicy_data_policy.default {{project}}/{{location}}/{{data_policy_id}}
$ terraform import google_bigquery_datapolicy_data_policy.default {{location}}/{{data_policy_id}}
```
This resource supports User Project Overrides.