import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * IcebergCatalogs are top-level containers for Apache Iceberg REST Catalog served Namespaces and Tables. * * To get more information about IcebergCatalog, see: * * How-to Guides * * [Use the BigLake metastore Iceberg REST catalog](https://docs.cloud.google.com/biglake/docs/blms-rest-catalog) * * > **Warning:** If you are using User ADCs (Application Default Credentials) with this resource's IAM, * you must specify a `billingProject` and set `userProjectOverride` to true * in the provider configuration. Otherwise the IAM API will return 403s. * Your account must have the `serviceusage.services.use` permission on the * `billingProject` you defined. * * ## Example Usage * * ### Biglake Iceberg Catalog * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const bucketForMyIcebergCatalog = new gcp.storage.Bucket("bucket_for_my_iceberg_catalog", { * name: "my_iceberg_catalog", * location: "us-central1", * forceDestroy: true, * uniformBucketLevelAccess: true, * }); * const myIcebergCatalog = new gcp.biglake.IcebergCatalog("my_iceberg_catalog", { * name: bucketForMyIcebergCatalog.name, * catalogType: "CATALOG_TYPE_GCS_BUCKET", * credentialMode: "CREDENTIAL_MODE_VENDED_CREDENTIALS", * }, { * dependsOn: [bucketForMyIcebergCatalog], * }); * ``` * * ## Import * * IcebergCatalog can be imported using any of these accepted formats: * * * `iceberg/v1/restcatalog/extensions/projects/{{project}}/catalogs/{{name}}` * * `{{project}}/{{name}}` * * `{{name}}` * * When using the `pulumi import` command, IcebergCatalog can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:biglake/icebergCatalog:IcebergCatalog default iceberg/v1/restcatalog/extensions/projects/{{project}}/catalogs/{{name}} * $ pulumi import gcp:biglake/icebergCatalog:IcebergCatalog default {{project}}/{{name}} * $ pulumi import gcp:biglake/icebergCatalog:IcebergCatalog default {{name}} * ``` */ export declare class IcebergCatalog extends pulumi.CustomResource { /** * Get an existing IcebergCatalog resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: IcebergCatalogState, opts?: pulumi.CustomResourceOptions): IcebergCatalog; /** * Returns true if the given object is an instance of IcebergCatalog. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is IcebergCatalog; /** * Output only. The service account used for credential vending. It might be empty if credential vending was never enabled for the catalog. */ readonly biglakeServiceAccount: pulumi.Output; /** * The catalog type of the IcebergCatalog. Currently only supports the type for Google Cloud Storage Buckets. * Possible values are: `CATALOG_TYPE_GCS_BUCKET`. */ readonly catalogType: pulumi.Output; /** * Output only. The creation time of the IcebergCatalog. */ readonly createTime: pulumi.Output; /** * The credential mode used for the catalog. CREDENTIAL_MODE_END_USER - End user credentials, default. The authenticating user must have access to the catalog resources and the corresponding Google Cloud Storage files. CREDENTIAL_MODE_VENDED_CREDENTIALS - Use credential vending. The authenticating user must have access to the catalog resources and the system will provide the caller with downscoped credentials to access the Google Cloud Storage files. All table operations in this mode would require `X-Iceberg-Access-Delegation` header with `vended-credentials` value included. System will generate a service account and the catalog administrator must grant the service account appropriate permissions. * Possible values are: `CREDENTIAL_MODE_END_USER`, `CREDENTIAL_MODE_VENDED_CREDENTIALS`. */ readonly credentialMode: pulumi.Output; /** * Output only. The default storage location for the catalog, e.g., `gs://my-bucket`. */ readonly defaultLocation: pulumi.Output; /** * The name of the IcebergCatalog. * For CATALOG_TYPE_GCS_BUCKET typed catalogs, the name needs to be the * exact same value of the GCS bucket's name. For example, for a bucket: * gs://bucket-name, the catalog name will be exactly "bucket-name". */ readonly name: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * Output only. The replicas for the catalog metadata. * Structure is documented below. */ readonly replicas: pulumi.Output; /** * Output only. The GCP region(s) where the physical metadata for the tables is stored, e.g. `us-central1`, `nam4` or `us`. This will contain one value for all locations, except for the catalogs that are configured to use custom dual region buckets. */ readonly storageRegions: pulumi.Output; /** * Output only. The last modification time of the IcebergCatalog. */ readonly updateTime: pulumi.Output; /** * Create a IcebergCatalog resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: IcebergCatalogArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering IcebergCatalog resources. */ export interface IcebergCatalogState { /** * Output only. The service account used for credential vending. It might be empty if credential vending was never enabled for the catalog. */ biglakeServiceAccount?: pulumi.Input; /** * The catalog type of the IcebergCatalog. Currently only supports the type for Google Cloud Storage Buckets. * Possible values are: `CATALOG_TYPE_GCS_BUCKET`. */ catalogType?: pulumi.Input; /** * Output only. The creation time of the IcebergCatalog. */ createTime?: pulumi.Input; /** * The credential mode used for the catalog. CREDENTIAL_MODE_END_USER - End user credentials, default. The authenticating user must have access to the catalog resources and the corresponding Google Cloud Storage files. CREDENTIAL_MODE_VENDED_CREDENTIALS - Use credential vending. The authenticating user must have access to the catalog resources and the system will provide the caller with downscoped credentials to access the Google Cloud Storage files. All table operations in this mode would require `X-Iceberg-Access-Delegation` header with `vended-credentials` value included. System will generate a service account and the catalog administrator must grant the service account appropriate permissions. * Possible values are: `CREDENTIAL_MODE_END_USER`, `CREDENTIAL_MODE_VENDED_CREDENTIALS`. */ credentialMode?: pulumi.Input; /** * Output only. The default storage location for the catalog, e.g., `gs://my-bucket`. */ defaultLocation?: pulumi.Input; /** * The name of the IcebergCatalog. * For CATALOG_TYPE_GCS_BUCKET typed catalogs, the name needs to be the * exact same value of the GCS bucket's name. For example, for a bucket: * gs://bucket-name, the catalog name will be exactly "bucket-name". */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * Output only. The replicas for the catalog metadata. * Structure is documented below. */ replicas?: pulumi.Input[]>; /** * Output only. The GCP region(s) where the physical metadata for the tables is stored, e.g. `us-central1`, `nam4` or `us`. This will contain one value for all locations, except for the catalogs that are configured to use custom dual region buckets. */ storageRegions?: pulumi.Input[]>; /** * Output only. The last modification time of the IcebergCatalog. */ updateTime?: pulumi.Input; } /** * The set of arguments for constructing a IcebergCatalog resource. */ export interface IcebergCatalogArgs { /** * The catalog type of the IcebergCatalog. Currently only supports the type for Google Cloud Storage Buckets. * Possible values are: `CATALOG_TYPE_GCS_BUCKET`. */ catalogType: pulumi.Input; /** * The credential mode used for the catalog. CREDENTIAL_MODE_END_USER - End user credentials, default. The authenticating user must have access to the catalog resources and the corresponding Google Cloud Storage files. CREDENTIAL_MODE_VENDED_CREDENTIALS - Use credential vending. The authenticating user must have access to the catalog resources and the system will provide the caller with downscoped credentials to access the Google Cloud Storage files. All table operations in this mode would require `X-Iceberg-Access-Delegation` header with `vended-credentials` value included. System will generate a service account and the catalog administrator must grant the service account appropriate permissions. * Possible values are: `CREDENTIAL_MODE_END_USER`, `CREDENTIAL_MODE_VENDED_CREDENTIALS`. */ credentialMode?: pulumi.Input; /** * The name of the IcebergCatalog. * For CATALOG_TYPE_GCS_BUCKET typed catalogs, the name needs to be the * exact same value of the GCS bucket's name. For example, for a bucket: * gs://bucket-name, the catalog name will be exactly "bucket-name". */ name?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; }