@pulumi/gcp

import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * A BigQuery Data Policy * * To get more information about DataPolicy, see: * * * [API documentation](https://cloud.google.com/bigquery/docs/reference/bigquerydatapolicy/rest/v1beta1/projects.locations.dataPolicies/create) * * How-to Guides * * [Official Documentation](https://cloud.google.com/bigquery/docs/column-data-masking-intro) * * ## Example Usage * * ### Bigquery Datapolicy Data Policy Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const taxonomy = new gcp.datacatalog.Taxonomy("taxonomy", { * region: "us-central1", * displayName: "taxonomy", * description: "A collection of policy tags", * activatedPolicyTypes: ["FINE_GRAINED_ACCESS_CONTROL"], * }); * const policyTag = new gcp.datacatalog.PolicyTag("policy_tag", { * taxonomy: taxonomy.id, * displayName: "Low security", * description: "A policy tag normally associated with low security items", * }); * const dataPolicy = new gcp.bigquerydatapolicy.DataPolicy("data_policy", { * location: "us-central1", * dataPolicyId: "data_policy", * policyTag: policyTag.name, * dataPolicyType: "COLUMN_LEVEL_SECURITY_POLICY", * }); * ``` * ### Bigquery Datapolicy Data Policy Routine * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const taxonomy = new gcp.datacatalog.Taxonomy("taxonomy", { * region: "us-central1", * displayName: "taxonomy", * description: "A collection of policy tags", * activatedPolicyTypes: ["FINE_GRAINED_ACCESS_CONTROL"], * }); * const policyTag = new gcp.datacatalog.PolicyTag("policy_tag", { * taxonomy: taxonomy.id, * displayName: "Low security", * description: "A policy tag normally associated with low security items", * }); * const test = new gcp.bigquery.Dataset("test", { * datasetId: "dataset_id", * location: "us-central1", * }); * const customMaskingRoutine = new gcp.bigquery.Routine("custom_masking_routine", { * datasetId: test.datasetId, * routineId: "custom_masking_routine", * routineType: "SCALAR_FUNCTION", * language: "SQL", * dataGovernanceType: "DATA_MASKING", * definitionBody: "SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')", * returnType: "{\"typeKind\" : \"STRING\"}", * arguments: [{ * name: "ssn", * dataType: "{\"typeKind\" : \"STRING\"}", * }], * }); * const dataPolicy = new gcp.bigquerydatapolicy.DataPolicy("data_policy", { * location: "us-central1", * dataPolicyId: "data_policy", * policyTag: policyTag.name, * dataPolicyType: "DATA_MASKING_POLICY", * dataMaskingPolicy: { * routine: customMaskingRoutine.id, * }, * }); * ``` * * ## Import * * DataPolicy can be imported using any of these accepted formats: * * * `projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}` * * * `{{project}}/{{location}}/{{data_policy_id}}` * * * `{{location}}/{{data_policy_id}}` * * When using the `pulumi import` command, DataPolicy can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:bigquerydatapolicy/dataPolicy:DataPolicy default projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} * ``` * * ```sh * $ pulumi import gcp:bigquerydatapolicy/dataPolicy:DataPolicy default {{project}}/{{location}}/{{data_policy_id}} * ``` * * ```sh * $ pulumi import gcp:bigquerydatapolicy/dataPolicy:DataPolicy default {{location}}/{{data_policy_id}} * ``` */ export declare class DataPolicy extends pulumi.CustomResource { /** * Get an existing DataPolicy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DataPolicyState, opts?: pulumi.CustomResourceOptions): DataPolicy; /** * Returns true if the given object is an instance of DataPolicy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is DataPolicy; /** * The data masking policy that specifies the data masking rule to use. * Structure is documented below. */ readonly dataMaskingPolicy: pulumi.Output<outputs.bigquerydatapolicy.DataPolicyDataMaskingPolicy | undefined>; /** * User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name. */ readonly dataPolicyId: pulumi.Output<string>; /** * The enrollment level of the service. * Possible values are: `COLUMN_LEVEL_SECURITY_POLICY`, `DATA_MASKING_POLICY`. */ readonly dataPolicyType: pulumi.Output<string>; /** * The name of the location of the data policy. */ readonly location: pulumi.Output<string>; /** * Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}. */ readonly name: pulumi.Output<string>; /** * Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. */ readonly policyTag: pulumi.Output<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output<string>; /** * Create a DataPolicy resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: DataPolicyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering DataPolicy resources. */ export interface DataPolicyState { /** * The data masking policy that specifies the data masking rule to use. * Structure is documented below. */ dataMaskingPolicy?: pulumi.Input<inputs.bigquerydatapolicy.DataPolicyDataMaskingPolicy>; /** * User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name. */ dataPolicyId?: pulumi.Input<string>; /** * The enrollment level of the service. * Possible values are: `COLUMN_LEVEL_SECURITY_POLICY`, `DATA_MASKING_POLICY`. */ dataPolicyType?: pulumi.Input<string>; /** * The name of the location of the data policy. */ location?: pulumi.Input<string>; /** * Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}. */ name?: pulumi.Input<string>; /** * Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. */ policyTag?: pulumi.Input<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input<string>; } /** * The set of arguments for constructing a DataPolicy resource. */ export interface DataPolicyArgs { /** * The data masking policy that specifies the data masking rule to use. * Structure is documented below. */ dataMaskingPolicy?: pulumi.Input<inputs.bigquerydatapolicy.DataPolicyDataMaskingPolicy>; /** * User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name. */ dataPolicyId: pulumi.Input<string>; /** * The enrollment level of the service. * Possible values are: `COLUMN_LEVEL_SECURITY_POLICY`, `DATA_MASKING_POLICY`. */ dataPolicyType: pulumi.Input<string>; /** * The name of the location of the data policy. */ location: pulumi.Input<string>; /** * Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. */ policyTag: pulumi.Input<string>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input<string>; }