google_bigquery_datapolicy_data_policy

A BigQuery Data Policy

To get more information about DataPolicy, see:

Open in Cloud Shell

Example Usage - Bigquery Datapolicy Data Policy Basic

resource "google_bigquery_datapolicy_data_policy" "data_policy" {
  location         = "us-central1"
  data_policy_id   = "data_policy"
  policy_tag       = google_data_catalog_policy_tag.policy_tag.name
  data_policy_type = "COLUMN_LEVEL_SECURITY_POLICY"
}

resource "google_data_catalog_policy_tag" "policy_tag" {
  taxonomy     = google_data_catalog_taxonomy.taxonomy.id
  display_name = "Low security"
  description  = "A policy tag normally associated with low security items"
}

resource "google_data_catalog_taxonomy" "taxonomy" {
  region                 = "us-central1"
  display_name           = "taxonomy"
  description            = "A collection of policy tags"
  activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
}
Open in Cloud Shell

Example Usage - Bigquery Datapolicy Data Policy Routine

resource "google_bigquery_datapolicy_data_policy" "data_policy" {
  location         = "us-central1"
  data_policy_id   = "data_policy"
  policy_tag       = google_data_catalog_policy_tag.policy_tag.name
  data_policy_type = "DATA_MASKING_POLICY"  
  data_masking_policy {
    routine = google_bigquery_routine.custom_masking_routine.id
  }
}

resource "google_data_catalog_policy_tag" "policy_tag" {
  taxonomy     = google_data_catalog_taxonomy.taxonomy.id
  display_name = "Low security"
  description  = "A policy tag normally associated with low security items"
}

resource "google_data_catalog_taxonomy" "taxonomy" {
  region                 = "us-central1"
  display_name           = "taxonomy"
  description            = "A collection of policy tags"
  activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
}

resource "google_bigquery_dataset" "test" {
  dataset_id = "dataset_id"
  location   = "us-central1"
}

resource "google_bigquery_routine" "custom_masking_routine" {
    dataset_id           = google_bigquery_dataset.test.dataset_id
    routine_id           = "custom_masking_routine"
    routine_type         = "SCALAR_FUNCTION"
    language             = "SQL"
    data_governance_type = "DATA_MASKING"
    definition_body      = "SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')"
    return_type          = "{\"typeKind\" :  \"STRING\"}"

    arguments {
      name = "ssn"
      data_type = "{\"typeKind\" :  \"STRING\"}"
    } 
}

Argument Reference

The following arguments are supported:


The data_masking_policy block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

DataPolicy can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import DataPolicy using one of the formats above. For example:

import {
  id = "projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}"
  to = google_bigquery_datapolicy_data_policy.default
}

When using the terraform import command, DataPolicy can be imported using one of the formats above. For example:

$ terraform import google_bigquery_datapolicy_data_policy.default projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}
$ terraform import google_bigquery_datapolicy_data_policy.default {{project}}/{{location}}/{{data_policy_id}}
$ terraform import google_bigquery_datapolicy_data_policy.default {{location}}/{{data_policy_id}}

User Project Overrides

This resource supports User Project Overrides.