bigquery_datapolicy_data_policy.html.markdown

subcategory	page_title	description
BigQuery Data Policy	Google: google_bigquery_datapolicy_data_policy	A BigQuery Data Policy

google_bigquery_datapolicy_data_policy

A BigQuery Data Policy

~> Warning: This resource is in beta, and should be used with the terraform-provider-google-beta provider. See Provider Versions for more details on beta resources.

To get more information about DataPolicy, see:

• API documentation
• How-to Guides
  • Official Documentation

## Example Usage - Bigquery Datapolicy Data Policy Basic

resource "google_bigquery_datapolicy_data_policy" "data_policy" {
    provider = google-beta
    location         = "us-central1"
    data_policy_id   = "data_policy"
    policy_tag       = google_data_catalog_policy_tag.policy_tag.name
    data_policy_type = "COLUMN_LEVEL_SECURITY_POLICY"
  }

  resource "google_data_catalog_policy_tag" "policy_tag" {
    provider = google-beta
    taxonomy     = google_data_catalog_taxonomy.taxonomy.id
    display_name = "Low security"
    description  = "A policy tag normally associated with low security items"
  }
  
  resource "google_data_catalog_taxonomy" "taxonomy" {
    provider = google-beta
    region                 = "us-central1"
    display_name           = "taxonomy"
    description            = "A collection of policy tags"
    activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
  }

Argument Reference

The following arguments are supported:

• data_policy_id - (Required) User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name.

• location - (Required) The name of the location of the data policy.

• policy_tag - (Required) Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}.

• data_policy_type - (Required) The enrollment level of the service. Possible values are COLUMN_LEVEL_SECURITY_POLICY and DATA_MASKING_POLICY.

---

• data_masking_policy - (Optional) The data masking policy that specifies the data masking rule to use. Structure is documented below.

• project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The data_masking_policy block supports:

• predefined_expression - (Required) The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. Possible values are SHA256, ALWAYS_NULL, and DEFAULT_MASKING_VALUE.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

• id - an identifier for the resource with format projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}

• name - Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}.

Timeouts

This resource provides the following Timeouts configuration options:

• create - Default is 20 minutes.
• update - Default is 20 minutes.
• delete - Default is 20 minutes.

Import

DataPolicy can be imported using any of these accepted formats:

$ terraform import google_bigquery_datapolicy_data_policy.default projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}
$ terraform import google_bigquery_datapolicy_data_policy.default {{project}}/{{location}}/{{data_policy_id}}
$ terraform import google_bigquery_datapolicy_data_policy.default {{location}}/{{data_policy_id}}

User Project Overrides

This resource supports User Project Overrides.