---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "BigQuery Data Policy"
description: |-
  A BigQuery Data Policy
---
# google_bigquery_datapolicy_data_policy

A BigQuery Data Policy

To get more information about DataPolicy, see:

* [API documentation](https://cloud.google.com/bigquery/docs/reference/bigquerydatapolicy/rest/v1beta1/projects.locations.dataPolicies/create)
* How-to Guides
    * [Official Documentation](https://cloud.google.com/bigquery/docs/column-data-masking-intro)

## Example Usage - Bigquery Datapolicy Data Policy Basic
```hcl
resource "google_bigquery_datapolicy_data_policy" "data_policy" {
  location         = "us-central1"
  data_policy_id   = "data_policy"
  policy_tag       = google_data_catalog_policy_tag.policy_tag.name
  data_policy_type = "COLUMN_LEVEL_SECURITY_POLICY"
}

resource "google_data_catalog_policy_tag" "policy_tag" {
  taxonomy     = google_data_catalog_taxonomy.taxonomy.id
  display_name = "Low security"
  description  = "A policy tag normally associated with low security items"
}

resource "google_data_catalog_taxonomy" "taxonomy" {
  region                 = "us-central1"
  display_name           = "taxonomy"
  description            = "A collection of policy tags"
  activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
}
```
## Example Usage - Bigquery Datapolicy Data Policy Routine
```hcl
resource "google_bigquery_datapolicy_data_policy" "data_policy" {
  location         = "us-central1"
  data_policy_id   = "data_policy"
  policy_tag       = google_data_catalog_policy_tag.policy_tag.name
  data_policy_type = "DATA_MASKING_POLICY"
  data_masking_policy {
    routine = google_bigquery_routine.custom_masking_routine.id
  }
}

resource "google_data_catalog_policy_tag" "policy_tag" {
  taxonomy     = google_data_catalog_taxonomy.taxonomy.id
  display_name = "Low security"
  description  = "A policy tag normally associated with low security items"
}

resource "google_data_catalog_taxonomy" "taxonomy" {
  region                 = "us-central1"
  display_name           = "taxonomy"
  description            = "A collection of policy tags"
  activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
}

resource "google_bigquery_dataset" "test" {
  dataset_id = "dataset_id"
  location   = "us-central1"
}

resource "google_bigquery_routine" "custom_masking_routine" {
  dataset_id           = google_bigquery_dataset.test.dataset_id
  routine_id           = "custom_masking_routine"
  routine_type         = "SCALAR_FUNCTION"
  language             = "SQL"
  data_governance_type = "DATA_MASKING"
  definition_body      = "SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')"
  return_type          = "{\"typeKind\" : \"STRING\"}"

  arguments {
    name      = "ssn"
    data_type = "{\"typeKind\" : \"STRING\"}"
  }
}
```
## Argument Reference
The following arguments are supported:
* `data_policy_id` -
(Required)
User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name.
* `location` -
(Required)
The name of the location of the data policy.
* `policy_tag` -
(Required)
Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}.
* `data_policy_type` -
(Required)
The enrollment level of the service.
Possible values are: `COLUMN_LEVEL_SECURITY_POLICY`, `DATA_MASKING_POLICY`.
- - -
* `data_masking_policy` -
(Optional)
The data masking policy that specifies the data masking rule to use.
Structure is [documented below](#nested_data_masking_policy).
* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
<a name="nested_data_masking_policy"></a>The `data_masking_policy` block supports:
* `predefined_expression` -
(Optional)
The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options.
Possible values are: `SHA256`, `ALWAYS_NULL`, `DEFAULT_MASKING_VALUE`, `LAST_FOUR_CHARACTERS`, `FIRST_FOUR_CHARACTERS`, `EMAIL_MASK`, `DATE_YEAR_MASK`.
* `routine` -
(Optional)
The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}.
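
The examples above cover `COLUMN_LEVEL_SECURITY_POLICY` and a custom `routine`. The following added example (not part of the generated provider documentation) uses `predefined_expression` instead and attaches the policy tag to a table column through the `policyTags` field of the column's schema; all resource labels, IDs and the table and column names are placeholders chosen for illustration.

```hcl
# Added example, not from the provider documentation. Resource labels, IDs and
# the table/column names are placeholders chosen for illustration.
resource "google_data_catalog_taxonomy" "pii" {
  region                 = "us-central1"
  display_name           = "pii_taxonomy"
  description            = "Policy tags for personal data"
  activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
}

resource "google_data_catalog_policy_tag" "email" {
  taxonomy     = google_data_catalog_taxonomy.pii.id
  display_name = "email"
  description  = "Columns holding e-mail addresses"
}

# Built-in masking rule: no BigQuery routine is needed.
resource "google_bigquery_datapolicy_data_policy" "email_mask" {
  location         = "us-central1"
  data_policy_id   = "email_mask"
  policy_tag       = google_data_catalog_policy_tag.email.name
  data_policy_type = "DATA_MASKING_POLICY"

  data_masking_policy {
    predefined_expression = "EMAIL_MASK"
  }
}

resource "google_bigquery_dataset" "crm" {
  dataset_id = "crm"
  location   = "us-central1"
}

# The data policy only affects columns that carry the policy tag.
resource "google_bigquery_table" "contacts" {
  dataset_id          = google_bigquery_dataset.crm.dataset_id
  table_id            = "contacts"
  deletion_protection = false

  schema = jsonencode([
    { name = "contact_id", type = "STRING", mode = "REQUIRED" },
    {
      name       = "email"
      type       = "STRING"
      mode       = "NULLABLE"
      policyTags = { names = [google_data_catalog_policy_tag.email.name] }
    },
  ])
}
```

The taxonomy, the data policy and the dataset are all placed in `us-central1` here, matching the single-location layout of the examples above.
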
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}`
* `name` -
Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}.
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
## Import
DataPolicy can be imported using any of these accepted formats:
* `projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}`
* `{{project}}/{{location}}/{{data_policy_id}}`
* `{{location}}/{{data_policy_id}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import DataPolicy using one of the formats above. For example:
```tf
import {
  id = "projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}"
  to = google_bigquery_datapolicy_data_policy.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), DataPolicy can be imported using one of the formats above. For example:
```
$ terraform import google_bigquery_datapolicy_data_policy.default projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}
$ terraform import google_bigquery_datapolicy_data_policy.default {{project}}/{{location}}/{{data_policy_id}}
$ terraform import google_bigquery_datapolicy_data_policy.default {{location}}/{{data_policy_id}}
```
## User Project Overrides
This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).