Data
data class DataPolicyArgs(val dataMaskingPolicy: Output<DataPolicyDataMaskingPolicyArgs>? = null, val dataPolicyId: Output<String>? = null, val dataPolicyType: Output<String>? = null, val location: Output<String>? = null, val policyTag: Output<String>? = null, val project: Output<String>? = null) : ConvertibleToJava<DataPolicyArgs>
A BigQuery Data Policy To get more information about DataPolicy, see:
How-to Guides
Example Usage
Bigquery Datapolicy Data Policy Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const taxonomy = new gcp.datacatalog.Taxonomy("taxonomy", {
region: "us-central1",
displayName: "taxonomy",
description: "A collection of policy tags",
activatedPolicyTypes: ["FINE_GRAINED_ACCESS_CONTROL"],
});
const policyTag = new gcp.datacatalog.PolicyTag("policy_tag", {
taxonomy: taxonomy.id,
displayName: "Low security",
description: "A policy tag normally associated with low security items",
});
const dataPolicy = new gcp.bigquerydatapolicy.DataPolicy("data_policy", {
location: "us-central1",
dataPolicyId: "data_policy",
policyTag: policyTag.name,
dataPolicyType: "COLUMN_LEVEL_SECURITY_POLICY",
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
taxonomy = gcp.datacatalog.Taxonomy("taxonomy",
region="us-central1",
display_name="taxonomy",
description="A collection of policy tags",
activated_policy_types=["FINE_GRAINED_ACCESS_CONTROL"])
policy_tag = gcp.datacatalog.PolicyTag("policy_tag",
taxonomy=taxonomy.id,
display_name="Low security",
description="A policy tag normally associated with low security items")
data_policy = gcp.bigquerydatapolicy.DataPolicy("data_policy",
location="us-central1",
data_policy_id="data_policy",
policy_tag=policy_tag.name,
data_policy_type="COLUMN_LEVEL_SECURITY_POLICY")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var taxonomy = new Gcp.DataCatalog.Taxonomy("taxonomy", new()
{
Region = "us-central1",
DisplayName = "taxonomy",
Description = "A collection of policy tags",
ActivatedPolicyTypes = new[]
{
"FINE_GRAINED_ACCESS_CONTROL",
},
});
var policyTag = new Gcp.DataCatalog.PolicyTag("policy_tag", new()
{
Taxonomy = taxonomy.Id,
DisplayName = "Low security",
Description = "A policy tag normally associated with low security items",
});
var dataPolicy = new Gcp.BigQueryDataPolicy.DataPolicy("data_policy", new()
{
Location = "us-central1",
DataPolicyId = "data_policy",
PolicyTag = policyTag.Name,
DataPolicyType = "COLUMN_LEVEL_SECURITY_POLICY",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
taxonomy, err := datacatalog.NewTaxonomy(ctx, "taxonomy", &datacatalog.TaxonomyArgs{
Region: pulumi.String("us-central1"),
DisplayName: pulumi.String("taxonomy"),
Description: pulumi.String("A collection of policy tags"),
ActivatedPolicyTypes: pulumi.StringArray{
pulumi.String("FINE_GRAINED_ACCESS_CONTROL"),
},
})
if err != nil {
return err
}
policyTag, err := datacatalog.NewPolicyTag(ctx, "policy_tag", &datacatalog.PolicyTagArgs{
Taxonomy: taxonomy.ID(),
DisplayName: pulumi.String("Low security"),
Description: pulumi.String("A policy tag normally associated with low security items"),
})
if err != nil {
return err
}
_, err = bigquerydatapolicy.NewDataPolicy(ctx, "data_policy", &bigquerydatapolicy.DataPolicyArgs{
Location: pulumi.String("us-central1"),
DataPolicyId: pulumi.String("data_policy"),
PolicyTag: policyTag.Name,
DataPolicyType: pulumi.String("COLUMN_LEVEL_SECURITY_POLICY"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.datacatalog.Taxonomy;
import com.pulumi.gcp.datacatalog.TaxonomyArgs;
import com.pulumi.gcp.datacatalog.PolicyTag;
import com.pulumi.gcp.datacatalog.PolicyTagArgs;
import com.pulumi.gcp.bigquerydatapolicy.DataPolicy;
import com.pulumi.gcp.bigquerydatapolicy.DataPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var taxonomy = new Taxonomy("taxonomy", TaxonomyArgs.builder()
.region("us-central1")
.displayName("taxonomy")
.description("A collection of policy tags")
.activatedPolicyTypes("FINE_GRAINED_ACCESS_CONTROL")
.build());
var policyTag = new PolicyTag("policyTag", PolicyTagArgs.builder()
.taxonomy(taxonomy.id())
.displayName("Low security")
.description("A policy tag normally associated with low security items")
.build());
var dataPolicy = new DataPolicy("dataPolicy", DataPolicyArgs.builder()
.location("us-central1")
.dataPolicyId("data_policy")
.policyTag(policyTag.name())
.dataPolicyType("COLUMN_LEVEL_SECURITY_POLICY")
.build());
}
}Content copied to clipboard
resources:
dataPolicy:
type: gcp:bigquerydatapolicy:DataPolicy
name: data_policy
properties:
location: us-central1
dataPolicyId: data_policy
policyTag: ${policyTag.name}
dataPolicyType: COLUMN_LEVEL_SECURITY_POLICY
policyTag:
type: gcp:datacatalog:PolicyTag
name: policy_tag
properties:
taxonomy: ${taxonomy.id}
displayName: Low security
description: A policy tag normally associated with low security items
taxonomy:
type: gcp:datacatalog:Taxonomy
properties:
region: us-central1
displayName: taxonomy
description: A collection of policy tags
activatedPolicyTypes:
- FINE_GRAINED_ACCESS_CONTROLContent copied to clipboard
Bigquery Datapolicy Data Policy Routine
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const taxonomy = new gcp.datacatalog.Taxonomy("taxonomy", {
region: "us-central1",
displayName: "taxonomy",
description: "A collection of policy tags",
activatedPolicyTypes: ["FINE_GRAINED_ACCESS_CONTROL"],
});
const policyTag = new gcp.datacatalog.PolicyTag("policy_tag", {
taxonomy: taxonomy.id,
displayName: "Low security",
description: "A policy tag normally associated with low security items",
});
const test = new gcp.bigquery.Dataset("test", {
datasetId: "dataset_id",
location: "us-central1",
});
const customMaskingRoutine = new gcp.bigquery.Routine("custom_masking_routine", {
datasetId: test.datasetId,
routineId: "custom_masking_routine",
routineType: "SCALAR_FUNCTION",
language: "SQL",
dataGovernanceType: "DATA_MASKING",
definitionBody: "SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')",
returnType: "{\"typeKind\" : \"STRING\"}",
arguments: [{
name: "ssn",
dataType: "{\"typeKind\" : \"STRING\"}",
}],
});
const dataPolicy = new gcp.bigquerydatapolicy.DataPolicy("data_policy", {
location: "us-central1",
dataPolicyId: "data_policy",
policyTag: policyTag.name,
dataPolicyType: "DATA_MASKING_POLICY",
dataMaskingPolicy: {
routine: customMaskingRoutine.id,
},
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
taxonomy = gcp.datacatalog.Taxonomy("taxonomy",
region="us-central1",
display_name="taxonomy",
description="A collection of policy tags",
activated_policy_types=["FINE_GRAINED_ACCESS_CONTROL"])
policy_tag = gcp.datacatalog.PolicyTag("policy_tag",
taxonomy=taxonomy.id,
display_name="Low security",
description="A policy tag normally associated with low security items")
test = gcp.bigquery.Dataset("test",
dataset_id="dataset_id",
location="us-central1")
custom_masking_routine = gcp.bigquery.Routine("custom_masking_routine",
dataset_id=test.dataset_id,
routine_id="custom_masking_routine",
routine_type="SCALAR_FUNCTION",
language="SQL",
data_governance_type="DATA_MASKING",
definition_body="SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')",
return_type="{\"typeKind\" : \"STRING\"}",
arguments=[{
"name": "ssn",
"data_type": "{\"typeKind\" : \"STRING\"}",
}])
data_policy = gcp.bigquerydatapolicy.DataPolicy("data_policy",
location="us-central1",
data_policy_id="data_policy",
policy_tag=policy_tag.name,
data_policy_type="DATA_MASKING_POLICY",
data_masking_policy={
"routine": custom_masking_routine.id,
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var taxonomy = new Gcp.DataCatalog.Taxonomy("taxonomy", new()
{
Region = "us-central1",
DisplayName = "taxonomy",
Description = "A collection of policy tags",
ActivatedPolicyTypes = new[]
{
"FINE_GRAINED_ACCESS_CONTROL",
},
});
var policyTag = new Gcp.DataCatalog.PolicyTag("policy_tag", new()
{
Taxonomy = taxonomy.Id,
DisplayName = "Low security",
Description = "A policy tag normally associated with low security items",
});
var test = new Gcp.BigQuery.Dataset("test", new()
{
DatasetId = "dataset_id",
Location = "us-central1",
});
var customMaskingRoutine = new Gcp.BigQuery.Routine("custom_masking_routine", new()
{
DatasetId = test.DatasetId,
RoutineId = "custom_masking_routine",
RoutineType = "SCALAR_FUNCTION",
Language = "SQL",
DataGovernanceType = "DATA_MASKING",
DefinitionBody = "SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')",
ReturnType = "{\"typeKind\" : \"STRING\"}",
Arguments = new[]
{
new Gcp.BigQuery.Inputs.RoutineArgumentArgs
{
Name = "ssn",
DataType = "{\"typeKind\" : \"STRING\"}",
},
},
});
var dataPolicy = new Gcp.BigQueryDataPolicy.DataPolicy("data_policy", new()
{
Location = "us-central1",
DataPolicyId = "data_policy",
PolicyTag = policyTag.Name,
DataPolicyType = "DATA_MASKING_POLICY",
DataMaskingPolicy = new Gcp.BigQueryDataPolicy.Inputs.DataPolicyDataMaskingPolicyArgs
{
Routine = customMaskingRoutine.Id,
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
taxonomy, err := datacatalog.NewTaxonomy(ctx, "taxonomy", &datacatalog.TaxonomyArgs{
Region: pulumi.String("us-central1"),
DisplayName: pulumi.String("taxonomy"),
Description: pulumi.String("A collection of policy tags"),
ActivatedPolicyTypes: pulumi.StringArray{
pulumi.String("FINE_GRAINED_ACCESS_CONTROL"),
},
})
if err != nil {
return err
}
policyTag, err := datacatalog.NewPolicyTag(ctx, "policy_tag", &datacatalog.PolicyTagArgs{
Taxonomy: taxonomy.ID(),
DisplayName: pulumi.String("Low security"),
Description: pulumi.String("A policy tag normally associated with low security items"),
})
if err != nil {
return err
}
test, err := bigquery.NewDataset(ctx, "test", &bigquery.DatasetArgs{
DatasetId: pulumi.String("dataset_id"),
Location: pulumi.String("us-central1"),
})
if err != nil {
return err
}
customMaskingRoutine, err := bigquery.NewRoutine(ctx, "custom_masking_routine", &bigquery.RoutineArgs{
DatasetId: test.DatasetId,
RoutineId: pulumi.String("custom_masking_routine"),
RoutineType: pulumi.String("SCALAR_FUNCTION"),
Language: pulumi.String("SQL"),
DataGovernanceType: pulumi.String("DATA_MASKING"),
DefinitionBody: pulumi.String("SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')"),
ReturnType: pulumi.String("{\"typeKind\" : \"STRING\"}"),
Arguments: bigquery.RoutineArgumentArray{
&bigquery.RoutineArgumentArgs{
Name: pulumi.String("ssn"),
DataType: pulumi.String("{\"typeKind\" : \"STRING\"}"),
},
},
})
if err != nil {
return err
}
_, err = bigquerydatapolicy.NewDataPolicy(ctx, "data_policy", &bigquerydatapolicy.DataPolicyArgs{
Location: pulumi.String("us-central1"),
DataPolicyId: pulumi.String("data_policy"),
PolicyTag: policyTag.Name,
DataPolicyType: pulumi.String("DATA_MASKING_POLICY"),
DataMaskingPolicy: &bigquerydatapolicy.DataPolicyDataMaskingPolicyArgs{
Routine: customMaskingRoutine.ID(),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.datacatalog.Taxonomy;
import com.pulumi.gcp.datacatalog.TaxonomyArgs;
import com.pulumi.gcp.datacatalog.PolicyTag;
import com.pulumi.gcp.datacatalog.PolicyTagArgs;
import com.pulumi.gcp.bigquery.Dataset;
import com.pulumi.gcp.bigquery.DatasetArgs;
import com.pulumi.gcp.bigquery.Routine;
import com.pulumi.gcp.bigquery.RoutineArgs;
import com.pulumi.gcp.bigquery.inputs.RoutineArgumentArgs;
import com.pulumi.gcp.bigquerydatapolicy.DataPolicy;
import com.pulumi.gcp.bigquerydatapolicy.DataPolicyArgs;
import com.pulumi.gcp.bigquerydatapolicy.inputs.DataPolicyDataMaskingPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var taxonomy = new Taxonomy("taxonomy", TaxonomyArgs.builder()
.region("us-central1")
.displayName("taxonomy")
.description("A collection of policy tags")
.activatedPolicyTypes("FINE_GRAINED_ACCESS_CONTROL")
.build());
var policyTag = new PolicyTag("policyTag", PolicyTagArgs.builder()
.taxonomy(taxonomy.id())
.displayName("Low security")
.description("A policy tag normally associated with low security items")
.build());
var test = new Dataset("test", DatasetArgs.builder()
.datasetId("dataset_id")
.location("us-central1")
.build());
var customMaskingRoutine = new Routine("customMaskingRoutine", RoutineArgs.builder()
.datasetId(test.datasetId())
.routineId("custom_masking_routine")
.routineType("SCALAR_FUNCTION")
.language("SQL")
.dataGovernanceType("DATA_MASKING")
.definitionBody("SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')")
.returnType("{\"typeKind\" : \"STRING\"}")
.arguments(RoutineArgumentArgs.builder()
.name("ssn")
.dataType("{\"typeKind\" : \"STRING\"}")
.build())
.build());
var dataPolicy = new DataPolicy("dataPolicy", DataPolicyArgs.builder()
.location("us-central1")
.dataPolicyId("data_policy")
.policyTag(policyTag.name())
.dataPolicyType("DATA_MASKING_POLICY")
.dataMaskingPolicy(DataPolicyDataMaskingPolicyArgs.builder()
.routine(customMaskingRoutine.id())
.build())
.build());
}
}Content copied to clipboard
resources:
dataPolicy:
type: gcp:bigquerydatapolicy:DataPolicy
name: data_policy
properties:
location: us-central1
dataPolicyId: data_policy
policyTag: ${policyTag.name}
dataPolicyType: DATA_MASKING_POLICY
dataMaskingPolicy:
routine: ${customMaskingRoutine.id}
policyTag:
type: gcp:datacatalog:PolicyTag
name: policy_tag
properties:
taxonomy: ${taxonomy.id}
displayName: Low security
description: A policy tag normally associated with low security items
taxonomy:
type: gcp:datacatalog:Taxonomy
properties:
region: us-central1
displayName: taxonomy
description: A collection of policy tags
activatedPolicyTypes:
- FINE_GRAINED_ACCESS_CONTROL
test:
type: gcp:bigquery:Dataset
properties:
datasetId: dataset_id
location: us-central1
customMaskingRoutine:
type: gcp:bigquery:Routine
name: custom_masking_routine
properties:
datasetId: ${test.datasetId}
routineId: custom_masking_routine
routineType: SCALAR_FUNCTION
language: SQL
dataGovernanceType: DATA_MASKING
definitionBody: SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')
returnType: '{"typeKind" : "STRING"}'
arguments:
- name: ssn
dataType: '{"typeKind" : "STRING"}'Content copied to clipboard
Import
DataPolicy can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}{{project}}/{{location}}/{{data_policy_id}}{{location}}/{{data_policy_id}}When using thepulumi importcommand, DataPolicy can be imported using one of the formats above. For example:
$ pulumi import gcp:bigquerydatapolicy/dataPolicy:DataPolicy default projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}Content copied to clipboard
$ pulumi import gcp:bigquerydatapolicy/dataPolicy:DataPolicy default {{project}}/{{location}}/{{data_policy_id}}Content copied to clipboard
$ pulumi import gcp:bigquerydatapolicy/dataPolicy:DataPolicy default {{location}}/{{data_policy_id}}Content copied to clipboard
Properties
Link copied to clipboard
The data masking policy that specifies the data masking rule to use. Structure is documented below.
Link copied to clipboard
User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name.
Link copied to clipboard
The enrollment level of the service. Possible values are: COLUMN_LEVEL_SECURITY_POLICY, DATA_MASKING_POLICY.