@pulumi/databricks/policyInfo.js

A Pulumi package for creating and managing databricks cloud resources.

"use strict";
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.PolicyInfo = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("./utilities");
/**
 * [![Public Preview](https://img.shields.io/badge/Release_Stage-Public_Preview-yellowgreen)](https://docs.databricks.com/aws/en/release-notes/release-types)
 *
 * Attribute-Based Access Control (ABAC) policies in Unity Catalog provide high leverage governance for enforcing compliance policies. With ABAC policies, access is controlled in a hierarchical and scalable manner, based on data attributes rather than specific resources, enabling more flexible and comprehensive access control.
 *
 * ABAC policies in Unity Catalog support conditions on governance tags and the user identity. Callers must have the `MANAGE` privilege on a securable to view, create, update, or delete ABAC policies.
 *
 * ## Example Usage
 *
 * ### Row Filter Policy
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as databricks from "@pulumi/databricks";
 *
 * const piiRowFilter = new databricks.PolicyInfo("pii_row_filter", {
 *     onSecurableType: "catalog",
 *     onSecurableFullname: "main",
 *     name: "pii_data_policy",
 *     policyType: "POLICY_TYPE_ROW_FILTER",
 *     forSecurableType: "table",
 *     toPrincipals: ["account users"],
 *     whenCondition: "hasTag('pii')",
 *     matchColumns: [{
 *         condition: "hasTag('pii')",
 *         alias: "pii_col",
 *     }],
 *     rowFilter: {
 *         functionName: "main.filters.mask_pii_rows",
 *         usings: [{
 *             alias: "pii_col",
 *         }],
 *     },
 * });
 * ```
 *
 * ### Column Mask Policy
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as databricks from "@pulumi/databricks";
 *
 * const sensitiveColumnMask = new databricks.PolicyInfo("sensitive_column_mask", {
 *     onSecurableType: "schema",
 *     onSecurableFullname: "main.finance",
 *     name: "sensitive_data_mask",
 *     policyType: "POLICY_TYPE_COLUMN_MASK",
 *     forSecurableType: "table",
 *     toPrincipals: ["account users"],
 *     exceptPrincipals: ["finance_admins"],
 *     whenCondition: "hasTag('pii')",
 *     matchColumns: [{
 *         condition: "hasTag('pii')",
 *         alias: "sensitive_col",
 *     }],
 *     columnMask: {
 *         functionName: "main.masks.redact_sensitive",
 *         onColumn: "sensitive_col",
 *         usings: [{
 *             constant: "4",
 *         }],
 *     },
 * });
 * ```
 *
 * ## Import
 *
 * As of Pulumi v1.5, resources can be imported through configuration.
 *
 * hcl
 *
 * import {
 *
 *   id = "on_securable_type,on_securable_fullname,name"
 *
 *   to = databricks_policy_info.this
 *
 * }
 *
 * If you are using an older version of Pulumi, import the resource using the `pulumi import` command as follows:
 *
 * ```sh
 * $ pulumi import databricks:index/policyInfo:PolicyInfo this "on_securable_type,on_securable_fullname,name"
 * ```
 */
class PolicyInfo extends pulumi.CustomResource {
    /**
     * Get an existing PolicyInfo resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name, id, state, opts) {
        return new PolicyInfo(name, state, { ...opts, id: id });
    }
    /**
     * Returns true if the given object is an instance of PolicyInfo.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj) {
        if (obj === undefined || obj === null) {
            return false;
        }
        return obj['__pulumiType'] === PolicyInfo.__pulumiType;
    }
    constructor(name, argsOrState, opts) {
        let resourceInputs = {};
        opts = opts || {};
        if (opts.id) {
            const state = argsOrState;
            resourceInputs["columnMask"] = state?.columnMask;
            resourceInputs["comment"] = state?.comment;
            resourceInputs["createdAt"] = state?.createdAt;
            resourceInputs["createdBy"] = state?.createdBy;
            resourceInputs["exceptPrincipals"] = state?.exceptPrincipals;
            resourceInputs["forSecurableType"] = state?.forSecurableType;
            resourceInputs["matchColumns"] = state?.matchColumns;
            resourceInputs["name"] = state?.name;
            resourceInputs["onSecurableFullname"] = state?.onSecurableFullname;
            resourceInputs["onSecurableType"] = state?.onSecurableType;
            resourceInputs["policyType"] = state?.policyType;
            resourceInputs["rowFilter"] = state?.rowFilter;
            resourceInputs["toPrincipals"] = state?.toPrincipals;
            resourceInputs["updatedAt"] = state?.updatedAt;
            resourceInputs["updatedBy"] = state?.updatedBy;
            resourceInputs["whenCondition"] = state?.whenCondition;
        }
        else {
            const args = argsOrState;
            if (args?.forSecurableType === undefined && !opts.urn) {
                throw new Error("Missing required property 'forSecurableType'");
            }
            if (args?.policyType === undefined && !opts.urn) {
                throw new Error("Missing required property 'policyType'");
            }
            if (args?.toPrincipals === undefined && !opts.urn) {
                throw new Error("Missing required property 'toPrincipals'");
            }
            resourceInputs["columnMask"] = args?.columnMask;
            resourceInputs["comment"] = args?.comment;
            resourceInputs["exceptPrincipals"] = args?.exceptPrincipals;
            resourceInputs["forSecurableType"] = args?.forSecurableType;
            resourceInputs["matchColumns"] = args?.matchColumns;
            resourceInputs["name"] = args?.name;
            resourceInputs["onSecurableFullname"] = args?.onSecurableFullname;
            resourceInputs["onSecurableType"] = args?.onSecurableType;
            resourceInputs["policyType"] = args?.policyType;
            resourceInputs["rowFilter"] = args?.rowFilter;
            resourceInputs["toPrincipals"] = args?.toPrincipals;
            resourceInputs["whenCondition"] = args?.whenCondition;
            resourceInputs["createdAt"] = undefined /*out*/;
            resourceInputs["createdBy"] = undefined /*out*/;
            resourceInputs["updatedAt"] = undefined /*out*/;
            resourceInputs["updatedBy"] = undefined /*out*/;
        }
        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
        super(PolicyInfo.__pulumiType, name, resourceInputs, opts);
    }
}
exports.PolicyInfo = PolicyInfo;
/** @internal */
PolicyInfo.__pulumiType = 'databricks:index/policyInfo:PolicyInfo';
//# sourceMappingURL=policyInfo.js.map