import * as pulumi from "@pulumi/pulumi";
/**
* Represents access on a subset of rows on the specified table, defined by its filter predicate. Access to the subset of rows is controlled by its IAM policy.
*
* ## Example Usage
*
* ### Bigquery Row Access Policy Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const example = new gcp.bigquery.Dataset("example", {
* datasetId: "dataset_id",
* location: "US",
* });
* const exampleTable = new gcp.bigquery.Table("example", {
* deletionProtection: false,
* datasetId: example.datasetId,
* tableId: "table_id",
* });
* const exampleRowAccessPolicy = new gcp.bigquery.RowAccessPolicy("example", {
* datasetId: example.datasetId,
* tableId: exampleTable.tableId,
* policyId: "policy_id",
* filterPredicate: "nullable_field is not NULL",
* grantees: ["domain:google.com"],
* });
* ```
*
* ## Import
*
* RowAccessPolicy can be imported using any of these accepted formats:
*
* * `projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}/rowAccessPolicies/{{policy_id}}`
*
* * `{{project}}/{{dataset_id}}/{{table_id}}/{{policy_id}}`
*
* * `{{dataset_id}}/{{table_id}}/{{policy_id}}`
*
* When using the `pulumi import` command, RowAccessPolicy can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:bigquery/rowAccessPolicy:RowAccessPolicy default projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}/rowAccessPolicies/{{policy_id}}
* ```
*
* ```sh
* $ pulumi import gcp:bigquery/rowAccessPolicy:RowAccessPolicy default {{project}}/{{dataset_id}}/{{table_id}}/{{policy_id}}
* ```
*
* ```sh
* $ pulumi import gcp:bigquery/rowAccessPolicy:RowAccessPolicy default {{dataset_id}}/{{table_id}}/{{policy_id}}
* ```
*/
export declare class RowAccessPolicy extends pulumi.CustomResource {
/**
* Look up an existing RowAccessPolicy resource's state by name and provider ID, with optional
* extra properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns The RowAccessPolicy resource for the given ID.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RowAccessPolicyState, opts?: pulumi.CustomResourceOptions): RowAccessPolicy;
/**
* Returns true if the given object is an instance of RowAccessPolicy. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj The value to test; it is typed `any`, so any value may be passed.
* @returns A type predicate that narrows `obj` to RowAccessPolicy when true.
*/
static isInstance(obj: any): obj is RowAccessPolicy;
/**
* The time when this row access policy was created, in milliseconds since
* the epoch. The value is exposed as a string, not a number.
*/
readonly creationTime: pulumi.Output<string>;
/**
* The ID of the dataset containing this row access policy.
*/
readonly datasetId: pulumi.Output<string>;
/**
* A SQL boolean expression that represents the rows defined by this row
* access policy, similar to the boolean expression in a WHERE clause of a
* SELECT query on a table.
* References to other tables, routines, and temporary functions are not
* supported.
* Examples:
* - region="EU"
* - dateField = CAST('2019-9-27' as DATE)
* - nullableField is not NULL
* - numericField BETWEEN 1.0 AND 5.0
*
* NOTE(review): this expression decides which rows the grantees can read, so a
* change to it is an access-control change and should be reviewed as one. A
* predicate that is always true would presumably expose every row of the
* table to the grantees; confirm against the BigQuery documentation.
*/
readonly filterPredicate: pulumi.Output<string>;
/**
* Input only. The optional list of iamMember users or groups that specifies the initial
* members that the row-level access policy should be created with.
* grantees types:
* - "user:alice@example.com": An email address that represents a specific
* Google account.
* - "serviceAccount:my-other-app@appspot.gserviceaccount.com": An email
* address that represents a service account.
* - "group:admins@example.com": An email address that represents a Google
* group.
* - "domain:example.com": The Google Workspace domain (primary) that
* represents all the users of that domain.
* - "allAuthenticatedUsers": A special identifier that represents all service
* accounts and all users on the internet who have authenticated with a Google
* Account. This identifier includes accounts that aren't connected to a
* Google Workspace or Cloud Identity domain, such as personal Gmail accounts.
* Users who aren't authenticated, such as anonymous visitors, aren't
* included.
* - "allUsers": A special identifier that represents anyone who is on
* the internet, including authenticated and unauthenticated users. Because
* BigQuery requires authentication before a user can access the service,
* allUsers includes only authenticated users.
*
* NOTE(review): as described above, both "allAuthenticatedUsers" and "allUsers"
* cover any Google-authenticated account, including accounts outside your
* organization. Prefer user, group, serviceAccount or domain grantees scoped
* to known identities, and treat either special identifier as a finding that
* needs explicit justification.
* NOTE(review): the list is described as input only and as the initial
* membership, so this value presumably reflects what was configured rather
* than later changes to the policy's IAM bindings; verify before relying on
* it for audit or drift detection.
*/
readonly grantees: pulumi.Output<string[] | undefined>;
/**
* The time when this row access policy was last modified, in milliseconds
* since the epoch. The value is exposed as a string, not a number.
*/
readonly lastModifiedTime: pulumi.Output<string>;
/**
* The ID of the row access policy. The ID must contain only
* letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum
* length is 256 characters.
*/
readonly policyId: pulumi.Output<string>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
readonly project: pulumi.Output<string>;
/**
* The ID of the table containing this row access policy.
*/
readonly tableId: pulumi.Output<string>;
/**
* Create a RowAccessPolicy resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: RowAccessPolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering RowAccessPolicy resources.
*/
export interface RowAccessPolicyState {
/**
* The time when this row access policy was created, in milliseconds since
* the epoch. The value is carried as a string, not a number.
*/
creationTime?: pulumi.Input<string>;
/**
* The ID of the dataset containing this row access policy.
*/
datasetId?: pulumi.Input<string>;
/**
* A SQL boolean expression that represents the rows defined by this row
* access policy, similar to the boolean expression in a WHERE clause of a
* SELECT query on a table.
* References to other tables, routines, and temporary functions are not
* supported.
* Examples:
* - region="EU"
* - dateField = CAST('2019-9-27' as DATE)
* - nullableField is not NULL
* - numericField BETWEEN 1.0 AND 5.0
*
* NOTE(review): this expression decides which rows the grantees can read, so a
* change to it is an access-control change and should be reviewed as one.
*/
filterPredicate?: pulumi.Input<string>;
/**
* Input only. The optional list of iamMember users or groups that specifies the initial
* members that the row-level access policy should be created with.
* grantees types:
* - "user:alice@example.com": An email address that represents a specific
* Google account.
* - "serviceAccount:my-other-app@appspot.gserviceaccount.com": An email
* address that represents a service account.
* - "group:admins@example.com": An email address that represents a Google
* group.
* - "domain:example.com": The Google Workspace domain (primary) that
* represents all the users of that domain.
* - "allAuthenticatedUsers": A special identifier that represents all service
* accounts and all users on the internet who have authenticated with a Google
* Account. This identifier includes accounts that aren't connected to a
* Google Workspace or Cloud Identity domain, such as personal Gmail accounts.
* Users who aren't authenticated, such as anonymous visitors, aren't
* included.
* - "allUsers": A special identifier that represents anyone who is on
* the internet, including authenticated and unauthenticated users. Because
* BigQuery requires authentication before a user can access the service,
* allUsers includes only authenticated users.
*
* NOTE(review): as described above, both "allAuthenticatedUsers" and "allUsers"
* cover any Google-authenticated account, including accounts outside your
* organization; treat either value as a finding that needs explicit
* justification.
* NOTE(review): the list is described as input only and as the initial
* membership, so it presumably does not track later changes to the policy's
* IAM bindings; verify before using it to qualify a lookup or for audit.
*/
grantees?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The time when this row access policy was last modified, in milliseconds
* since the epoch. The value is carried as a string, not a number.
*/
lastModifiedTime?: pulumi.Input<string>;
/**
* The ID of the row access policy. The ID must contain only
* letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum
* length is 256 characters.
*/
policyId?: pulumi.Input<string>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
project?: pulumi.Input<string>;
/**
* The ID of the table containing this row access policy.
*/
tableId?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a RowAccessPolicy resource.
*/
export interface RowAccessPolicyArgs {
/**
* The ID of the dataset containing this row access policy. Required.
*/
datasetId: pulumi.Input<string>;
/**
* A SQL boolean expression that represents the rows defined by this row
* access policy, similar to the boolean expression in a WHERE clause of a
* SELECT query on a table. Required.
* References to other tables, routines, and temporary functions are not
* supported.
* Examples:
* - region="EU"
* - dateField = CAST('2019-9-27' as DATE)
* - nullableField is not NULL
* - numericField BETWEEN 1.0 AND 5.0
*
* NOTE(review): this expression decides which rows the grantees can read.
* Keep it a reviewed, static string where possible; if any part of it is
* assembled from configuration or other variable input, validate that input
* first, because a widened predicate silently widens data access. A
* predicate that is always true would presumably expose every row of the
* table to the grantees; confirm against the BigQuery documentation.
*/
filterPredicate: pulumi.Input<string>;
/**
* Input only. The optional list of iamMember users or groups that specifies the initial
* members that the row-level access policy should be created with.
* grantees types:
* - "user:alice@example.com": An email address that represents a specific
* Google account.
* - "serviceAccount:my-other-app@appspot.gserviceaccount.com": An email
* address that represents a service account.
* - "group:admins@example.com": An email address that represents a Google
* group.
* - "domain:example.com": The Google Workspace domain (primary) that
* represents all the users of that domain.
* - "allAuthenticatedUsers": A special identifier that represents all service
* accounts and all users on the internet who have authenticated with a Google
* Account. This identifier includes accounts that aren't connected to a
* Google Workspace or Cloud Identity domain, such as personal Gmail accounts.
* Users who aren't authenticated, such as anonymous visitors, aren't
* included.
* - "allUsers": A special identifier that represents anyone who is on
* the internet, including authenticated and unauthenticated users. Because
* BigQuery requires authentication before a user can access the service,
* allUsers includes only authenticated users.
*
* NOTE(review): as described above, both "allAuthenticatedUsers" and "allUsers"
* cover any Google-authenticated account, including accounts outside your
* organization. Prefer user, group, serviceAccount or domain grantees scoped
* to known identities, and treat either special identifier as a finding that
* needs explicit justification.
* NOTE(review): the list is described as input only and as the initial
* membership, so members added or removed on the policy by other means are
* presumably not reflected here; verify how drift is handled before treating
* this list as the source of truth.
*/
grantees?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The ID of the row access policy. Required. The ID must contain only
* letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum
* length is 256 characters.
*/
policyId: pulumi.Input<string>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
project?: pulumi.Input<string>;
/**
* The ID of the table containing this row access policy. Required.
*/
tableId: pulumi.Input<string>;
}