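import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";

// NOTE(review): the listing this file was recovered from had lost every generic
// type argument (`pulumi.Input`, `pulumi.Output`, and an unbalanced
// `pulumi.Input[]>`). They are restored below following Pulumi's generated-SDK
// conventions; confirm the nested `Datapolicyv2DataPolicyDataMaskingPolicy`
// type name and the `| undefined` outputs against the published package.

/**
 * BigQuery Data Policy
 *
 * To get more information about DataPolicy, see:
 *
 * * [API documentation](https://cloud.google.com/bigquery/docs/reference/bigquerydatapolicy/rest/v2/projects.locations.dataPolicies)
 * * How-to Guides
 *     * [Official Documentation](https://cloud.google.com/bigquery/docs/column-data-masking-intro)
 *
 * ## Example Usage
 *
 * ### Bigquery Datapolicyv2 Datapolicy Basic
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const basicDataPolicy = new gcp.bigquery.Datapolicyv2DataPolicy("basic_data_policy", {
 *     location: "us-central1",
 *     dataPolicyType: "RAW_DATA_ACCESS_POLICY",
 *     dataPolicyId: "basic_data_policy",
 * });
 * ```
 * ### Bigquery Datapolicyv2 Datapolicy Predefined Masking
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const predefinedMaskingDataPolicy = new gcp.bigquery.Datapolicyv2DataPolicy("predefined_masking_data_policy", {
 *     location: "us-central1",
 *     dataPolicyType: "DATA_MASKING_POLICY",
 *     dataMaskingPolicy: {
 *         predefinedExpression: "SHA256",
 *     },
 *     dataPolicyId: "predefined_masking_data_policy",
 * });
 * ```
 *
 * Review note: an unsalted `SHA256` of a low-entropy column (national ID
 * numbers, phone numbers) is deterministic, so masked values can be matched
 * against hashes of candidate inputs. For such columns a rule that discards the
 * digits, like the custom routine in the next example, hides more.
 *
 * ### Bigquery Datapolicyv2 Datapolicy Routine
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const test = new gcp.bigquery.Dataset("test", {
 *     datasetId: "dataset_id",
 *     location: "us-central1",
 * });
 * const customMaskingRoutine = new gcp.bigquery.Routine("custom_masking_routine", {
 *     datasetId: test.datasetId,
 *     routineId: "custom_masking_routine",
 *     routineType: "SCALAR_FUNCTION",
 *     language: "SQL",
 *     dataGovernanceType: "DATA_MASKING",
 *     definitionBody: "SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')",
 *     returnType: "{\"typeKind\" : \"STRING\"}",
 *     arguments: [{
 *         name: "ssn",
 *         dataType: "{\"typeKind\" : \"STRING\"}",
 *     }],
 * });
 * const routineDataPolicy = new gcp.bigquery.Datapolicyv2DataPolicy("routine_data_policy", {
 *     location: "us-central1",
 *     dataPolicyId: "routine_data_policy",
 *     dataPolicyType: "DATA_MASKING_POLICY",
 *     dataMaskingPolicy: {
 *         routine: customMaskingRoutine.id,
 *     },
 * });
 * ```
 * ### Bigquery Datapolicyv2 Datapolicy Withgrantees
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const dataPolicyWithGrantees = new gcp.bigquery.Datapolicyv2DataPolicy("data_policy_with_grantees", {
 *     location: "us-central1",
 *     dataPolicyType: "RAW_DATA_ACCESS_POLICY",
 *     grantees: ["principal://goog/subject/jane@example.com"],
 *     dataPolicyId: "data_policy_with_grantees",
 * });
 * ```
 *
 * ## Import
 *
 * DataPolicy can be imported using any of these accepted formats:
 *
 * * `projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}`
 *
 * * `{{project}}/{{location}}/{{data_policy_id}}`
 *
 * * `{{location}}/{{data_policy_id}}`
 *
 * When using the `pulumi import` command, DataPolicy can be imported using one of the formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:bigquery/datapolicyv2DataPolicy:Datapolicyv2DataPolicy default projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}
 * ```
 *
 * ```sh
 * $ pulumi import gcp:bigquery/datapolicyv2DataPolicy:Datapolicyv2DataPolicy default {{project}}/{{location}}/{{data_policy_id}}
 * ```
 *
 * ```sh
 * $ pulumi import gcp:bigquery/datapolicyv2DataPolicy:Datapolicyv2DataPolicy default {{location}}/{{data_policy_id}}
 * ```
 */
export declare class Datapolicyv2DataPolicy extends pulumi.CustomResource {
    /**
     * Get an existing Datapolicyv2DataPolicy resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: Datapolicyv2DataPolicyState, opts?: pulumi.CustomResourceOptions): Datapolicyv2DataPolicy;
    /**
     * Returns true if the given object is an instance of Datapolicyv2DataPolicy. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is Datapolicyv2DataPolicy;
    /**
     * The policy used to specify data masking rule.
     * Structure is documented below.
     */
    readonly dataMaskingPolicy: pulumi.Output<outputs.bigquery.Datapolicyv2DataPolicyDataMaskingPolicy | undefined>;
    /**
     * User-assigned (human readable) ID of the data policy that needs to be
     * unique within a project. Used as {data_policy_id} in part of the resource
     * name.
     */
    readonly dataPolicyId: pulumi.Output<string>;
    /**
     * Type of data policy.
     * Possible values:
     * DATA_MASKING_POLICY
     * RAW_DATA_ACCESS_POLICY
     * COLUMN_LEVEL_SECURITY_POLICY
     */
    readonly dataPolicyType: pulumi.Output<string>;
    /**
     * The etag for this Data Policy.
     * This field is used for UpdateDataPolicy calls. If Data Policy exists, this
     * field is required and must match the server's etag. It will also be
     * populated in the response of GetDataPolicy, CreateDataPolicy, and
     * UpdateDataPolicy calls.
     */
    readonly etag: pulumi.Output<string>;
    /**
     * The list of IAM principals that have Fine Grained Access to the underlying
     * data governed by this data policy.
     * Uses the [IAM V2 principal
     * syntax](https://cloud.google.com/iam/docs/principal-identifiers#v2). Only
     * supports principal types users, groups, serviceaccounts, cloudidentity.
     * This field is supported in V2 Data Policy only. In case of V1 data policies
     * (i.e. version = 1 and policyTag is set), this field is not populated.
     *
     * Review note: this list is the access grant itself. Compare it with the
     * intended set of principals when auditing deployed policies.
     */
    readonly grantees: pulumi.Output<string[] | undefined>;
    /**
     * Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
     */
    readonly location: pulumi.Output<string>;
    /**
     * Identifier. Resource name of this data policy, in the format of
     * `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}`.
     */
    readonly name: pulumi.Output<string>;
    /**
     * Policy tag resource name, in the format of
     * `projects/{project_number}/locations/{location_id}/taxonomies/{taxonomy_id}/policyTags/{policyTag_id}`.
     * policyTag is supported only for V1 data policies.
     */
    readonly policyTag: pulumi.Output<string>;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    readonly project: pulumi.Output<string>;
    /**
     * The version of the Data Policy resource.
     * Possible values:
     * V1
     * V2
     */
    readonly version: pulumi.Output<string>;
    /**
     * Create a Datapolicyv2DataPolicy resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: Datapolicyv2DataPolicyArgs, opts?: pulumi.CustomResourceOptions);
}

/**
 * Input properties used for looking up and filtering Datapolicyv2DataPolicy resources.
 */
export interface Datapolicyv2DataPolicyState {
    /**
     * The policy used to specify data masking rule.
     * Structure is documented below.
     */
    dataMaskingPolicy?: pulumi.Input<inputs.bigquery.Datapolicyv2DataPolicyDataMaskingPolicy>;
    /**
     * User-assigned (human readable) ID of the data policy that needs to be
     * unique within a project. Used as {data_policy_id} in part of the resource
     * name.
     */
    dataPolicyId?: pulumi.Input<string>;
    /**
     * Type of data policy.
     * Possible values:
     * DATA_MASKING_POLICY
     * RAW_DATA_ACCESS_POLICY
     * COLUMN_LEVEL_SECURITY_POLICY
     */
    dataPolicyType?: pulumi.Input<string>;
    /**
     * The etag for this Data Policy.
     * This field is used for UpdateDataPolicy calls. If Data Policy exists, this
     * field is required and must match the server's etag. It will also be
     * populated in the response of GetDataPolicy, CreateDataPolicy, and
     * UpdateDataPolicy calls.
     */
    etag?: pulumi.Input<string>;
    /**
     * The list of IAM principals that have Fine Grained Access to the underlying
     * data governed by this data policy.
     * Uses the [IAM V2 principal
     * syntax](https://cloud.google.com/iam/docs/principal-identifiers#v2). Only
     * supports principal types users, groups, serviceaccounts, cloudidentity.
     * This field is supported in V2 Data Policy only. In case of V1 data policies
     * (i.e. version = 1 and policyTag is set), this field is not populated.
     */
    grantees?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
     */
    location?: pulumi.Input<string>;
    /**
     * Identifier. Resource name of this data policy, in the format of
     * `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}`.
     */
    name?: pulumi.Input<string>;
    /**
     * Policy tag resource name, in the format of
     * `projects/{project_number}/locations/{location_id}/taxonomies/{taxonomy_id}/policyTags/{policyTag_id}`.
     * policyTag is supported only for V1 data policies.
     */
    policyTag?: pulumi.Input<string>;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    project?: pulumi.Input<string>;
    /**
     * The version of the Data Policy resource.
     * Possible values:
     * V1
     * V2
     */
    version?: pulumi.Input<string>;
}

/**
 * The set of arguments for constructing a Datapolicyv2DataPolicy resource.
 */
export interface Datapolicyv2DataPolicyArgs {
    /**
     * The policy used to specify data masking rule.
     * Structure is documented below.
     */
    dataMaskingPolicy?: pulumi.Input<inputs.bigquery.Datapolicyv2DataPolicyDataMaskingPolicy>;
    /**
     * User-assigned (human readable) ID of the data policy that needs to be
     * unique within a project. Used as {data_policy_id} in part of the resource
     * name.
     */
    dataPolicyId: pulumi.Input<string>;
    /**
     * Type of data policy.
     * Possible values:
     * DATA_MASKING_POLICY
     * RAW_DATA_ACCESS_POLICY
     * COLUMN_LEVEL_SECURITY_POLICY
     */
    dataPolicyType: pulumi.Input<string>;
    /**
     * The etag for this Data Policy.
     * This field is used for UpdateDataPolicy calls. If Data Policy exists, this
     * field is required and must match the server's etag. It will also be
     * populated in the response of GetDataPolicy, CreateDataPolicy, and
     * UpdateDataPolicy calls.
     */
    etag?: pulumi.Input<string>;
    /**
     * The list of IAM principals that have Fine Grained Access to the underlying
     * data governed by this data policy.
     * Uses the [IAM V2 principal
     * syntax](https://cloud.google.com/iam/docs/principal-identifiers#v2). Only
     * supports principal types users, groups, serviceaccounts, cloudidentity.
     * This field is supported in V2 Data Policy only. In case of V1 data policies
     * (i.e. version = 1 and policyTag is set), this field is not populated.
     *
     * Review note: every principal listed here gains fine-grained access through
     * this policy; with `RAW_DATA_ACCESS_POLICY` that is presumably access to the
     * unmasked column values (confirm against the BigQuery documentation). Keep
     * the list minimal, prefer group principals over individual users so that
     * membership is managed in one place, and treat changes to this field as
     * access-control changes in code review.
     */
    grantees?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
     */
    location: pulumi.Input<string>;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    project?: pulumi.Input<string>;
}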