Documentation ¶
Index ¶
- type DataPolicy
- type DataPolicyArgs
- type DataPolicyArray
- type DataPolicyArrayInput
- type DataPolicyArrayOutput
- func (DataPolicyArrayOutput) ElementType() reflect.Type
- func (o DataPolicyArrayOutput) Index(i pulumi.IntInput) DataPolicyOutput
- func (o DataPolicyArrayOutput) ToDataPolicyArrayOutput() DataPolicyArrayOutput
- func (o DataPolicyArrayOutput) ToDataPolicyArrayOutputWithContext(ctx context.Context) DataPolicyArrayOutput
- type DataPolicyDataMaskingPolicy
- type DataPolicyDataMaskingPolicyArgs
- func (DataPolicyDataMaskingPolicyArgs) ElementType() reflect.Type
- func (i DataPolicyDataMaskingPolicyArgs) ToDataPolicyDataMaskingPolicyOutput() DataPolicyDataMaskingPolicyOutput
- func (i DataPolicyDataMaskingPolicyArgs) ToDataPolicyDataMaskingPolicyOutputWithContext(ctx context.Context) DataPolicyDataMaskingPolicyOutput
- func (i DataPolicyDataMaskingPolicyArgs) ToDataPolicyDataMaskingPolicyPtrOutput() DataPolicyDataMaskingPolicyPtrOutput
- func (i DataPolicyDataMaskingPolicyArgs) ToDataPolicyDataMaskingPolicyPtrOutputWithContext(ctx context.Context) DataPolicyDataMaskingPolicyPtrOutput
- type DataPolicyDataMaskingPolicyInput
- type DataPolicyDataMaskingPolicyOutput
- func (DataPolicyDataMaskingPolicyOutput) ElementType() reflect.Type
- func (o DataPolicyDataMaskingPolicyOutput) PredefinedExpression() pulumi.StringPtrOutput
- func (o DataPolicyDataMaskingPolicyOutput) Routine() pulumi.StringPtrOutput
- func (o DataPolicyDataMaskingPolicyOutput) ToDataPolicyDataMaskingPolicyOutput() DataPolicyDataMaskingPolicyOutput
- func (o DataPolicyDataMaskingPolicyOutput) ToDataPolicyDataMaskingPolicyOutputWithContext(ctx context.Context) DataPolicyDataMaskingPolicyOutput
- func (o DataPolicyDataMaskingPolicyOutput) ToDataPolicyDataMaskingPolicyPtrOutput() DataPolicyDataMaskingPolicyPtrOutput
- func (o DataPolicyDataMaskingPolicyOutput) ToDataPolicyDataMaskingPolicyPtrOutputWithContext(ctx context.Context) DataPolicyDataMaskingPolicyPtrOutput
- type DataPolicyDataMaskingPolicyPtrInput
- type DataPolicyDataMaskingPolicyPtrOutput
- func (o DataPolicyDataMaskingPolicyPtrOutput) Elem() DataPolicyDataMaskingPolicyOutput
- func (DataPolicyDataMaskingPolicyPtrOutput) ElementType() reflect.Type
- func (o DataPolicyDataMaskingPolicyPtrOutput) PredefinedExpression() pulumi.StringPtrOutput
- func (o DataPolicyDataMaskingPolicyPtrOutput) Routine() pulumi.StringPtrOutput
- func (o DataPolicyDataMaskingPolicyPtrOutput) ToDataPolicyDataMaskingPolicyPtrOutput() DataPolicyDataMaskingPolicyPtrOutput
- func (o DataPolicyDataMaskingPolicyPtrOutput) ToDataPolicyDataMaskingPolicyPtrOutputWithContext(ctx context.Context) DataPolicyDataMaskingPolicyPtrOutput
- type DataPolicyIamBinding
- type DataPolicyIamBindingArgs
- type DataPolicyIamBindingArray
- type DataPolicyIamBindingArrayInput
- type DataPolicyIamBindingArrayOutput
- func (DataPolicyIamBindingArrayOutput) ElementType() reflect.Type
- func (o DataPolicyIamBindingArrayOutput) Index(i pulumi.IntInput) DataPolicyIamBindingOutput
- func (o DataPolicyIamBindingArrayOutput) ToDataPolicyIamBindingArrayOutput() DataPolicyIamBindingArrayOutput
- func (o DataPolicyIamBindingArrayOutput) ToDataPolicyIamBindingArrayOutputWithContext(ctx context.Context) DataPolicyIamBindingArrayOutput
- type DataPolicyIamBindingCondition
- type DataPolicyIamBindingConditionArgs
- func (DataPolicyIamBindingConditionArgs) ElementType() reflect.Type
- func (i DataPolicyIamBindingConditionArgs) ToDataPolicyIamBindingConditionOutput() DataPolicyIamBindingConditionOutput
- func (i DataPolicyIamBindingConditionArgs) ToDataPolicyIamBindingConditionOutputWithContext(ctx context.Context) DataPolicyIamBindingConditionOutput
- func (i DataPolicyIamBindingConditionArgs) ToDataPolicyIamBindingConditionPtrOutput() DataPolicyIamBindingConditionPtrOutput
- func (i DataPolicyIamBindingConditionArgs) ToDataPolicyIamBindingConditionPtrOutputWithContext(ctx context.Context) DataPolicyIamBindingConditionPtrOutput
- type DataPolicyIamBindingConditionInput
- type DataPolicyIamBindingConditionOutput
- func (o DataPolicyIamBindingConditionOutput) Description() pulumi.StringPtrOutput
- func (DataPolicyIamBindingConditionOutput) ElementType() reflect.Type
- func (o DataPolicyIamBindingConditionOutput) Expression() pulumi.StringOutput
- func (o DataPolicyIamBindingConditionOutput) Title() pulumi.StringOutput
- func (o DataPolicyIamBindingConditionOutput) ToDataPolicyIamBindingConditionOutput() DataPolicyIamBindingConditionOutput
- func (o DataPolicyIamBindingConditionOutput) ToDataPolicyIamBindingConditionOutputWithContext(ctx context.Context) DataPolicyIamBindingConditionOutput
- func (o DataPolicyIamBindingConditionOutput) ToDataPolicyIamBindingConditionPtrOutput() DataPolicyIamBindingConditionPtrOutput
- func (o DataPolicyIamBindingConditionOutput) ToDataPolicyIamBindingConditionPtrOutputWithContext(ctx context.Context) DataPolicyIamBindingConditionPtrOutput
- type DataPolicyIamBindingConditionPtrInput
- type DataPolicyIamBindingConditionPtrOutput
- func (o DataPolicyIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o DataPolicyIamBindingConditionPtrOutput) Elem() DataPolicyIamBindingConditionOutput
- func (DataPolicyIamBindingConditionPtrOutput) ElementType() reflect.Type
- func (o DataPolicyIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o DataPolicyIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o DataPolicyIamBindingConditionPtrOutput) ToDataPolicyIamBindingConditionPtrOutput() DataPolicyIamBindingConditionPtrOutput
- func (o DataPolicyIamBindingConditionPtrOutput) ToDataPolicyIamBindingConditionPtrOutputWithContext(ctx context.Context) DataPolicyIamBindingConditionPtrOutput
- type DataPolicyIamBindingInput
- type DataPolicyIamBindingMap
- type DataPolicyIamBindingMapInput
- type DataPolicyIamBindingMapOutput
- func (DataPolicyIamBindingMapOutput) ElementType() reflect.Type
- func (o DataPolicyIamBindingMapOutput) MapIndex(k pulumi.StringInput) DataPolicyIamBindingOutput
- func (o DataPolicyIamBindingMapOutput) ToDataPolicyIamBindingMapOutput() DataPolicyIamBindingMapOutput
- func (o DataPolicyIamBindingMapOutput) ToDataPolicyIamBindingMapOutputWithContext(ctx context.Context) DataPolicyIamBindingMapOutput
- type DataPolicyIamBindingOutput
- func (o DataPolicyIamBindingOutput) Condition() DataPolicyIamBindingConditionPtrOutput
- func (o DataPolicyIamBindingOutput) DataPolicyId() pulumi.StringOutput
- func (DataPolicyIamBindingOutput) ElementType() reflect.Type
- func (o DataPolicyIamBindingOutput) Etag() pulumi.StringOutput
- func (o DataPolicyIamBindingOutput) Location() pulumi.StringOutput
- func (o DataPolicyIamBindingOutput) Members() pulumi.StringArrayOutput
- func (o DataPolicyIamBindingOutput) Project() pulumi.StringOutput
- func (o DataPolicyIamBindingOutput) Role() pulumi.StringOutput
- func (o DataPolicyIamBindingOutput) ToDataPolicyIamBindingOutput() DataPolicyIamBindingOutput
- func (o DataPolicyIamBindingOutput) ToDataPolicyIamBindingOutputWithContext(ctx context.Context) DataPolicyIamBindingOutput
- type DataPolicyIamBindingState
- type DataPolicyIamMember
- type DataPolicyIamMemberArgs
- type DataPolicyIamMemberArray
- type DataPolicyIamMemberArrayInput
- type DataPolicyIamMemberArrayOutput
- func (DataPolicyIamMemberArrayOutput) ElementType() reflect.Type
- func (o DataPolicyIamMemberArrayOutput) Index(i pulumi.IntInput) DataPolicyIamMemberOutput
- func (o DataPolicyIamMemberArrayOutput) ToDataPolicyIamMemberArrayOutput() DataPolicyIamMemberArrayOutput
- func (o DataPolicyIamMemberArrayOutput) ToDataPolicyIamMemberArrayOutputWithContext(ctx context.Context) DataPolicyIamMemberArrayOutput
- type DataPolicyIamMemberCondition
- type DataPolicyIamMemberConditionArgs
- func (DataPolicyIamMemberConditionArgs) ElementType() reflect.Type
- func (i DataPolicyIamMemberConditionArgs) ToDataPolicyIamMemberConditionOutput() DataPolicyIamMemberConditionOutput
- func (i DataPolicyIamMemberConditionArgs) ToDataPolicyIamMemberConditionOutputWithContext(ctx context.Context) DataPolicyIamMemberConditionOutput
- func (i DataPolicyIamMemberConditionArgs) ToDataPolicyIamMemberConditionPtrOutput() DataPolicyIamMemberConditionPtrOutput
- func (i DataPolicyIamMemberConditionArgs) ToDataPolicyIamMemberConditionPtrOutputWithContext(ctx context.Context) DataPolicyIamMemberConditionPtrOutput
- type DataPolicyIamMemberConditionInput
- type DataPolicyIamMemberConditionOutput
- func (o DataPolicyIamMemberConditionOutput) Description() pulumi.StringPtrOutput
- func (DataPolicyIamMemberConditionOutput) ElementType() reflect.Type
- func (o DataPolicyIamMemberConditionOutput) Expression() pulumi.StringOutput
- func (o DataPolicyIamMemberConditionOutput) Title() pulumi.StringOutput
- func (o DataPolicyIamMemberConditionOutput) ToDataPolicyIamMemberConditionOutput() DataPolicyIamMemberConditionOutput
- func (o DataPolicyIamMemberConditionOutput) ToDataPolicyIamMemberConditionOutputWithContext(ctx context.Context) DataPolicyIamMemberConditionOutput
- func (o DataPolicyIamMemberConditionOutput) ToDataPolicyIamMemberConditionPtrOutput() DataPolicyIamMemberConditionPtrOutput
- func (o DataPolicyIamMemberConditionOutput) ToDataPolicyIamMemberConditionPtrOutputWithContext(ctx context.Context) DataPolicyIamMemberConditionPtrOutput
- type DataPolicyIamMemberConditionPtrInput
- type DataPolicyIamMemberConditionPtrOutput
- func (o DataPolicyIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
- func (o DataPolicyIamMemberConditionPtrOutput) Elem() DataPolicyIamMemberConditionOutput
- func (DataPolicyIamMemberConditionPtrOutput) ElementType() reflect.Type
- func (o DataPolicyIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
- func (o DataPolicyIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
- func (o DataPolicyIamMemberConditionPtrOutput) ToDataPolicyIamMemberConditionPtrOutput() DataPolicyIamMemberConditionPtrOutput
- func (o DataPolicyIamMemberConditionPtrOutput) ToDataPolicyIamMemberConditionPtrOutputWithContext(ctx context.Context) DataPolicyIamMemberConditionPtrOutput
- type DataPolicyIamMemberInput
- type DataPolicyIamMemberMap
- type DataPolicyIamMemberMapInput
- type DataPolicyIamMemberMapOutput
- func (DataPolicyIamMemberMapOutput) ElementType() reflect.Type
- func (o DataPolicyIamMemberMapOutput) MapIndex(k pulumi.StringInput) DataPolicyIamMemberOutput
- func (o DataPolicyIamMemberMapOutput) ToDataPolicyIamMemberMapOutput() DataPolicyIamMemberMapOutput
- func (o DataPolicyIamMemberMapOutput) ToDataPolicyIamMemberMapOutputWithContext(ctx context.Context) DataPolicyIamMemberMapOutput
- type DataPolicyIamMemberOutput
- func (o DataPolicyIamMemberOutput) Condition() DataPolicyIamMemberConditionPtrOutput
- func (o DataPolicyIamMemberOutput) DataPolicyId() pulumi.StringOutput
- func (DataPolicyIamMemberOutput) ElementType() reflect.Type
- func (o DataPolicyIamMemberOutput) Etag() pulumi.StringOutput
- func (o DataPolicyIamMemberOutput) Location() pulumi.StringOutput
- func (o DataPolicyIamMemberOutput) Member() pulumi.StringOutput
- func (o DataPolicyIamMemberOutput) Project() pulumi.StringOutput
- func (o DataPolicyIamMemberOutput) Role() pulumi.StringOutput
- func (o DataPolicyIamMemberOutput) ToDataPolicyIamMemberOutput() DataPolicyIamMemberOutput
- func (o DataPolicyIamMemberOutput) ToDataPolicyIamMemberOutputWithContext(ctx context.Context) DataPolicyIamMemberOutput
- type DataPolicyIamMemberState
- type DataPolicyIamPolicy
- type DataPolicyIamPolicyArgs
- type DataPolicyIamPolicyArray
- type DataPolicyIamPolicyArrayInput
- type DataPolicyIamPolicyArrayOutput
- func (DataPolicyIamPolicyArrayOutput) ElementType() reflect.Type
- func (o DataPolicyIamPolicyArrayOutput) Index(i pulumi.IntInput) DataPolicyIamPolicyOutput
- func (o DataPolicyIamPolicyArrayOutput) ToDataPolicyIamPolicyArrayOutput() DataPolicyIamPolicyArrayOutput
- func (o DataPolicyIamPolicyArrayOutput) ToDataPolicyIamPolicyArrayOutputWithContext(ctx context.Context) DataPolicyIamPolicyArrayOutput
- type DataPolicyIamPolicyInput
- type DataPolicyIamPolicyMap
- type DataPolicyIamPolicyMapInput
- type DataPolicyIamPolicyMapOutput
- func (DataPolicyIamPolicyMapOutput) ElementType() reflect.Type
- func (o DataPolicyIamPolicyMapOutput) MapIndex(k pulumi.StringInput) DataPolicyIamPolicyOutput
- func (o DataPolicyIamPolicyMapOutput) ToDataPolicyIamPolicyMapOutput() DataPolicyIamPolicyMapOutput
- func (o DataPolicyIamPolicyMapOutput) ToDataPolicyIamPolicyMapOutputWithContext(ctx context.Context) DataPolicyIamPolicyMapOutput
- type DataPolicyIamPolicyOutput
- func (o DataPolicyIamPolicyOutput) DataPolicyId() pulumi.StringOutput
- func (DataPolicyIamPolicyOutput) ElementType() reflect.Type
- func (o DataPolicyIamPolicyOutput) Etag() pulumi.StringOutput
- func (o DataPolicyIamPolicyOutput) Location() pulumi.StringOutput
- func (o DataPolicyIamPolicyOutput) PolicyData() pulumi.StringOutput
- func (o DataPolicyIamPolicyOutput) Project() pulumi.StringOutput
- func (o DataPolicyIamPolicyOutput) ToDataPolicyIamPolicyOutput() DataPolicyIamPolicyOutput
- func (o DataPolicyIamPolicyOutput) ToDataPolicyIamPolicyOutputWithContext(ctx context.Context) DataPolicyIamPolicyOutput
- type DataPolicyIamPolicyState
- type DataPolicyInput
- type DataPolicyMap
- type DataPolicyMapInput
- type DataPolicyMapOutput
- func (DataPolicyMapOutput) ElementType() reflect.Type
- func (o DataPolicyMapOutput) MapIndex(k pulumi.StringInput) DataPolicyOutput
- func (o DataPolicyMapOutput) ToDataPolicyMapOutput() DataPolicyMapOutput
- func (o DataPolicyMapOutput) ToDataPolicyMapOutputWithContext(ctx context.Context) DataPolicyMapOutput
- type DataPolicyOutput
- func (o DataPolicyOutput) DataMaskingPolicy() DataPolicyDataMaskingPolicyPtrOutput
- func (o DataPolicyOutput) DataPolicyId() pulumi.StringOutput
- func (o DataPolicyOutput) DataPolicyType() pulumi.StringOutput
- func (DataPolicyOutput) ElementType() reflect.Type
- func (o DataPolicyOutput) Location() pulumi.StringOutput
- func (o DataPolicyOutput) Name() pulumi.StringOutput
- func (o DataPolicyOutput) PolicyTag() pulumi.StringOutput
- func (o DataPolicyOutput) Project() pulumi.StringOutput
- func (o DataPolicyOutput) ToDataPolicyOutput() DataPolicyOutput
- func (o DataPolicyOutput) ToDataPolicyOutputWithContext(ctx context.Context) DataPolicyOutput
- type DataPolicyState
- type GetIamPolicyArgs
- type GetIamPolicyOutputArgs
- type GetIamPolicyResult
- type GetIamPolicyResultOutput
- func (o GetIamPolicyResultOutput) DataPolicyId() pulumi.StringOutput
- func (GetIamPolicyResultOutput) ElementType() reflect.Type
- func (o GetIamPolicyResultOutput) Etag() pulumi.StringOutput
- func (o GetIamPolicyResultOutput) Id() pulumi.StringOutput
- func (o GetIamPolicyResultOutput) Location() pulumi.StringOutput
- func (o GetIamPolicyResultOutput) PolicyData() pulumi.StringOutput
- func (o GetIamPolicyResultOutput) Project() pulumi.StringOutput
- func (o GetIamPolicyResultOutput) ToGetIamPolicyResultOutput() GetIamPolicyResultOutput
- func (o GetIamPolicyResultOutput) ToGetIamPolicyResultOutputWithContext(ctx context.Context) GetIamPolicyResultOutput
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DataPolicy ¶
type DataPolicy struct { pulumi.CustomResourceState // The data masking policy that specifies the data masking rule to use. // Structure is documented below. DataMaskingPolicy DataPolicyDataMaskingPolicyPtrOutput `pulumi:"dataMaskingPolicy"` // User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name. DataPolicyId pulumi.StringOutput `pulumi:"dataPolicyId"` // The enrollment level of the service. // Possible values are: `COLUMN_LEVEL_SECURITY_POLICY`, `DATA_MASKING_POLICY`. // // *** DataPolicyType pulumi.StringOutput `pulumi:"dataPolicyType"` // The name of the location of the data policy. Location pulumi.StringOutput `pulumi:"location"` // Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}. Name pulumi.StringOutput `pulumi:"name"` // Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. PolicyTag pulumi.StringOutput `pulumi:"policyTag"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` }
A BigQuery Data Policy
To get more information about DataPolicy, see:
* [API documentation](https://cloud.google.com/bigquery/docs/reference/bigquerydatapolicy/rest/v1beta1/projects.locations.dataPolicies/create) * How-to Guides
- [Official Documentation](https://cloud.google.com/bigquery/docs/column-data-masking-intro)
## Example Usage
### Bigquery Datapolicy Data Policy Basic
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { taxonomy, err := datacatalog.NewTaxonomy(ctx, "taxonomy", &datacatalog.TaxonomyArgs{ Region: pulumi.String("us-central1"), DisplayName: pulumi.String("taxonomy"), Description: pulumi.String("A collection of policy tags"), ActivatedPolicyTypes: pulumi.StringArray{ pulumi.String("FINE_GRAINED_ACCESS_CONTROL"), }, }) if err != nil { return err } policyTag, err := datacatalog.NewPolicyTag(ctx, "policy_tag", &datacatalog.PolicyTagArgs{ Taxonomy: taxonomy.ID(), DisplayName: pulumi.String("Low security"), Description: pulumi.String("A policy tag normally associated with low security items"), }) if err != nil { return err } _, err = bigquerydatapolicy.NewDataPolicy(ctx, "data_policy", &bigquerydatapolicy.DataPolicyArgs{ Location: pulumi.String("us-central1"), DataPolicyId: pulumi.String("data_policy"), PolicyTag: policyTag.Name, DataPolicyType: pulumi.String("COLUMN_LEVEL_SECURITY_POLICY"), }) if err != nil { return err } return nil }) }
``` ### Bigquery Datapolicy Data Policy Routine
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquery" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/datacatalog" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { taxonomy, err := datacatalog.NewTaxonomy(ctx, "taxonomy", &datacatalog.TaxonomyArgs{ Region: pulumi.String("us-central1"), DisplayName: pulumi.String("taxonomy"), Description: pulumi.String("A collection of policy tags"), ActivatedPolicyTypes: pulumi.StringArray{ pulumi.String("FINE_GRAINED_ACCESS_CONTROL"), }, }) if err != nil { return err } policyTag, err := datacatalog.NewPolicyTag(ctx, "policy_tag", &datacatalog.PolicyTagArgs{ Taxonomy: taxonomy.ID(), DisplayName: pulumi.String("Low security"), Description: pulumi.String("A policy tag normally associated with low security items"), }) if err != nil { return err } test, err := bigquery.NewDataset(ctx, "test", &bigquery.DatasetArgs{ DatasetId: pulumi.String("dataset_id"), Location: pulumi.String("us-central1"), }) if err != nil { return err } customMaskingRoutine, err := bigquery.NewRoutine(ctx, "custom_masking_routine", &bigquery.RoutineArgs{ DatasetId: test.DatasetId, RoutineId: pulumi.String("custom_masking_routine"), RoutineType: pulumi.String("SCALAR_FUNCTION"), Language: pulumi.String("SQL"), DataGovernanceType: pulumi.String("DATA_MASKING"), DefinitionBody: pulumi.String("SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')"), ReturnType: pulumi.String("{\"typeKind\" : \"STRING\"}"), Arguments: bigquery.RoutineArgumentArray{ &bigquery.RoutineArgumentArgs{ Name: pulumi.String("ssn"), DataType: pulumi.String("{\"typeKind\" : \"STRING\"}"), }, }, }) if err != nil { return err } _, err = bigquerydatapolicy.NewDataPolicy(ctx, "data_policy", &bigquerydatapolicy.DataPolicyArgs{ Location: pulumi.String("us-central1"), DataPolicyId: pulumi.String("data_policy"), PolicyTag: policyTag.Name, DataPolicyType: pulumi.String("DATA_MASKING_POLICY"), DataMaskingPolicy: &bigquerydatapolicy.DataPolicyDataMaskingPolicyArgs{ Routine: customMaskingRoutine.ID(), }, }) if err != nil { return err } return nil }) }
```
## Import
DataPolicy can be imported using any of these accepted formats:
* `projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}`
* `{{project}}/{{location}}/{{data_policy_id}}`
* `{{location}}/{{data_policy_id}}`
When using the `pulumi import` command, DataPolicy can be imported using one of the formats above. For example:
```sh $ pulumi import gcp:bigquerydatapolicy/dataPolicy:DataPolicy default projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} ```
```sh $ pulumi import gcp:bigquerydatapolicy/dataPolicy:DataPolicy default {{project}}/{{location}}/{{data_policy_id}} ```
```sh $ pulumi import gcp:bigquerydatapolicy/dataPolicy:DataPolicy default {{location}}/{{data_policy_id}} ```
func GetDataPolicy ¶
func GetDataPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *DataPolicyState, opts ...pulumi.ResourceOption) (*DataPolicy, error)
GetDataPolicy gets an existing DataPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewDataPolicy ¶
func NewDataPolicy(ctx *pulumi.Context, name string, args *DataPolicyArgs, opts ...pulumi.ResourceOption) (*DataPolicy, error)
NewDataPolicy registers a new resource with the given unique name, arguments, and options.
func (*DataPolicy) ElementType ¶
func (*DataPolicy) ElementType() reflect.Type
func (*DataPolicy) ToDataPolicyOutput ¶
func (i *DataPolicy) ToDataPolicyOutput() DataPolicyOutput
func (*DataPolicy) ToDataPolicyOutputWithContext ¶
func (i *DataPolicy) ToDataPolicyOutputWithContext(ctx context.Context) DataPolicyOutput
type DataPolicyArgs ¶
type DataPolicyArgs struct { // The data masking policy that specifies the data masking rule to use. // Structure is documented below. DataMaskingPolicy DataPolicyDataMaskingPolicyPtrInput // User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name. DataPolicyId pulumi.StringInput // The enrollment level of the service. // Possible values are: `COLUMN_LEVEL_SECURITY_POLICY`, `DATA_MASKING_POLICY`. // // *** DataPolicyType pulumi.StringInput // The name of the location of the data policy. Location pulumi.StringInput // Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. PolicyTag pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringPtrInput }
The set of arguments for constructing a DataPolicy resource.
func (DataPolicyArgs) ElementType ¶
func (DataPolicyArgs) ElementType() reflect.Type
type DataPolicyArray ¶
type DataPolicyArray []DataPolicyInput
func (DataPolicyArray) ElementType ¶
func (DataPolicyArray) ElementType() reflect.Type
func (DataPolicyArray) ToDataPolicyArrayOutput ¶
func (i DataPolicyArray) ToDataPolicyArrayOutput() DataPolicyArrayOutput
func (DataPolicyArray) ToDataPolicyArrayOutputWithContext ¶
func (i DataPolicyArray) ToDataPolicyArrayOutputWithContext(ctx context.Context) DataPolicyArrayOutput
type DataPolicyArrayInput ¶
type DataPolicyArrayInput interface { pulumi.Input ToDataPolicyArrayOutput() DataPolicyArrayOutput ToDataPolicyArrayOutputWithContext(context.Context) DataPolicyArrayOutput }
DataPolicyArrayInput is an input type that accepts DataPolicyArray and DataPolicyArrayOutput values. You can construct a concrete instance of `DataPolicyArrayInput` via:
DataPolicyArray{ DataPolicyArgs{...} }
type DataPolicyArrayOutput ¶
type DataPolicyArrayOutput struct{ *pulumi.OutputState }
func (DataPolicyArrayOutput) ElementType ¶
func (DataPolicyArrayOutput) ElementType() reflect.Type
func (DataPolicyArrayOutput) Index ¶
func (o DataPolicyArrayOutput) Index(i pulumi.IntInput) DataPolicyOutput
func (DataPolicyArrayOutput) ToDataPolicyArrayOutput ¶
func (o DataPolicyArrayOutput) ToDataPolicyArrayOutput() DataPolicyArrayOutput
func (DataPolicyArrayOutput) ToDataPolicyArrayOutputWithContext ¶
func (o DataPolicyArrayOutput) ToDataPolicyArrayOutputWithContext(ctx context.Context) DataPolicyArrayOutput
type DataPolicyDataMaskingPolicy ¶
type DataPolicyDataMaskingPolicy struct { // The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. // Possible values are: `SHA256`, `ALWAYS_NULL`, `DEFAULT_MASKING_VALUE`, `LAST_FOUR_CHARACTERS`, `FIRST_FOUR_CHARACTERS`, `EMAIL_MASK`, `DATE_YEAR_MASK`. PredefinedExpression *string `pulumi:"predefinedExpression"` // The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}. Routine *string `pulumi:"routine"` }
type DataPolicyDataMaskingPolicyArgs ¶
type DataPolicyDataMaskingPolicyArgs struct { // The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. // Possible values are: `SHA256`, `ALWAYS_NULL`, `DEFAULT_MASKING_VALUE`, `LAST_FOUR_CHARACTERS`, `FIRST_FOUR_CHARACTERS`, `EMAIL_MASK`, `DATE_YEAR_MASK`. PredefinedExpression pulumi.StringPtrInput `pulumi:"predefinedExpression"` // The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}. Routine pulumi.StringPtrInput `pulumi:"routine"` }
func (DataPolicyDataMaskingPolicyArgs) ElementType ¶
func (DataPolicyDataMaskingPolicyArgs) ElementType() reflect.Type
func (DataPolicyDataMaskingPolicyArgs) ToDataPolicyDataMaskingPolicyOutput ¶
func (i DataPolicyDataMaskingPolicyArgs) ToDataPolicyDataMaskingPolicyOutput() DataPolicyDataMaskingPolicyOutput
func (DataPolicyDataMaskingPolicyArgs) ToDataPolicyDataMaskingPolicyOutputWithContext ¶
func (i DataPolicyDataMaskingPolicyArgs) ToDataPolicyDataMaskingPolicyOutputWithContext(ctx context.Context) DataPolicyDataMaskingPolicyOutput
func (DataPolicyDataMaskingPolicyArgs) ToDataPolicyDataMaskingPolicyPtrOutput ¶
func (i DataPolicyDataMaskingPolicyArgs) ToDataPolicyDataMaskingPolicyPtrOutput() DataPolicyDataMaskingPolicyPtrOutput
func (DataPolicyDataMaskingPolicyArgs) ToDataPolicyDataMaskingPolicyPtrOutputWithContext ¶
func (i DataPolicyDataMaskingPolicyArgs) ToDataPolicyDataMaskingPolicyPtrOutputWithContext(ctx context.Context) DataPolicyDataMaskingPolicyPtrOutput
type DataPolicyDataMaskingPolicyInput ¶
type DataPolicyDataMaskingPolicyInput interface { pulumi.Input ToDataPolicyDataMaskingPolicyOutput() DataPolicyDataMaskingPolicyOutput ToDataPolicyDataMaskingPolicyOutputWithContext(context.Context) DataPolicyDataMaskingPolicyOutput }
DataPolicyDataMaskingPolicyInput is an input type that accepts DataPolicyDataMaskingPolicyArgs and DataPolicyDataMaskingPolicyOutput values. You can construct a concrete instance of `DataPolicyDataMaskingPolicyInput` via:
DataPolicyDataMaskingPolicyArgs{...}
type DataPolicyDataMaskingPolicyOutput ¶
type DataPolicyDataMaskingPolicyOutput struct{ *pulumi.OutputState }
func (DataPolicyDataMaskingPolicyOutput) ElementType ¶
func (DataPolicyDataMaskingPolicyOutput) ElementType() reflect.Type
func (DataPolicyDataMaskingPolicyOutput) PredefinedExpression ¶
func (o DataPolicyDataMaskingPolicyOutput) PredefinedExpression() pulumi.StringPtrOutput
The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. Possible values are: `SHA256`, `ALWAYS_NULL`, `DEFAULT_MASKING_VALUE`, `LAST_FOUR_CHARACTERS`, `FIRST_FOUR_CHARACTERS`, `EMAIL_MASK`, `DATE_YEAR_MASK`.
func (DataPolicyDataMaskingPolicyOutput) Routine ¶
func (o DataPolicyDataMaskingPolicyOutput) Routine() pulumi.StringPtrOutput
The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}.
func (DataPolicyDataMaskingPolicyOutput) ToDataPolicyDataMaskingPolicyOutput ¶
func (o DataPolicyDataMaskingPolicyOutput) ToDataPolicyDataMaskingPolicyOutput() DataPolicyDataMaskingPolicyOutput
func (DataPolicyDataMaskingPolicyOutput) ToDataPolicyDataMaskingPolicyOutputWithContext ¶
func (o DataPolicyDataMaskingPolicyOutput) ToDataPolicyDataMaskingPolicyOutputWithContext(ctx context.Context) DataPolicyDataMaskingPolicyOutput
func (DataPolicyDataMaskingPolicyOutput) ToDataPolicyDataMaskingPolicyPtrOutput ¶
func (o DataPolicyDataMaskingPolicyOutput) ToDataPolicyDataMaskingPolicyPtrOutput() DataPolicyDataMaskingPolicyPtrOutput
func (DataPolicyDataMaskingPolicyOutput) ToDataPolicyDataMaskingPolicyPtrOutputWithContext ¶
func (o DataPolicyDataMaskingPolicyOutput) ToDataPolicyDataMaskingPolicyPtrOutputWithContext(ctx context.Context) DataPolicyDataMaskingPolicyPtrOutput
type DataPolicyDataMaskingPolicyPtrInput ¶
type DataPolicyDataMaskingPolicyPtrInput interface { pulumi.Input ToDataPolicyDataMaskingPolicyPtrOutput() DataPolicyDataMaskingPolicyPtrOutput ToDataPolicyDataMaskingPolicyPtrOutputWithContext(context.Context) DataPolicyDataMaskingPolicyPtrOutput }
DataPolicyDataMaskingPolicyPtrInput is an input type that accepts DataPolicyDataMaskingPolicyArgs, DataPolicyDataMaskingPolicyPtr and DataPolicyDataMaskingPolicyPtrOutput values. You can construct a concrete instance of `DataPolicyDataMaskingPolicyPtrInput` via:
DataPolicyDataMaskingPolicyArgs{...} or: nil
func DataPolicyDataMaskingPolicyPtr ¶
func DataPolicyDataMaskingPolicyPtr(v *DataPolicyDataMaskingPolicyArgs) DataPolicyDataMaskingPolicyPtrInput
type DataPolicyDataMaskingPolicyPtrOutput ¶
type DataPolicyDataMaskingPolicyPtrOutput struct{ *pulumi.OutputState }
func (DataPolicyDataMaskingPolicyPtrOutput) ElementType ¶
func (DataPolicyDataMaskingPolicyPtrOutput) ElementType() reflect.Type
func (DataPolicyDataMaskingPolicyPtrOutput) PredefinedExpression ¶
func (o DataPolicyDataMaskingPolicyPtrOutput) PredefinedExpression() pulumi.StringPtrOutput
The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. Possible values are: `SHA256`, `ALWAYS_NULL`, `DEFAULT_MASKING_VALUE`, `LAST_FOUR_CHARACTERS`, `FIRST_FOUR_CHARACTERS`, `EMAIL_MASK`, `DATE_YEAR_MASK`.
func (DataPolicyDataMaskingPolicyPtrOutput) Routine ¶
func (o DataPolicyDataMaskingPolicyPtrOutput) Routine() pulumi.StringPtrOutput
The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}.
func (DataPolicyDataMaskingPolicyPtrOutput) ToDataPolicyDataMaskingPolicyPtrOutput ¶
func (o DataPolicyDataMaskingPolicyPtrOutput) ToDataPolicyDataMaskingPolicyPtrOutput() DataPolicyDataMaskingPolicyPtrOutput
func (DataPolicyDataMaskingPolicyPtrOutput) ToDataPolicyDataMaskingPolicyPtrOutputWithContext ¶
func (o DataPolicyDataMaskingPolicyPtrOutput) ToDataPolicyDataMaskingPolicyPtrOutputWithContext(ctx context.Context) DataPolicyDataMaskingPolicyPtrOutput
type DataPolicyIamBinding ¶
type DataPolicyIamBinding struct { pulumi.CustomResourceState Condition DataPolicyIamBindingConditionPtrOutput `pulumi:"condition"` DataPolicyId pulumi.StringOutput `pulumi:"dataPolicyId"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringOutput `pulumi:"location"` // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Members pulumi.StringArrayOutput `pulumi:"members"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` }
Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:
* `bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached. * `bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved. * `bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy
> **Note:** `bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `bigquerydatapolicy.DataPolicyIamBinding` and `bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.
> **Note:** `bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.
## bigquerydatapolicy.DataPolicyIamPolicy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, "policy", &bigquerydatapolicy.DataPolicyIamPolicyArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
## bigquerydatapolicy.DataPolicyIamBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, "binding", &bigquerydatapolicy.DataPolicyIamBindingArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
## bigquerydatapolicy.DataPolicyIamMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, "member", &bigquerydatapolicy.DataPolicyIamMemberArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
## This resource supports User Project Overrides.
-
# IAM policy for BigQuery Data Policy DataPolicy Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:
* `bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached. * `bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved. * `bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy
> **Note:** `bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `bigquerydatapolicy.DataPolicyIamBinding` and `bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.
> **Note:** `bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.
## bigquerydatapolicy.DataPolicyIamPolicy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, "policy", &bigquerydatapolicy.DataPolicyIamPolicyArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
## bigquerydatapolicy.DataPolicyIamBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, "binding", &bigquerydatapolicy.DataPolicyIamBindingArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
## bigquerydatapolicy.DataPolicyIamMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, "member", &bigquerydatapolicy.DataPolicyIamMemberArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms:
* projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}
* {{project}}/{{location}}/{{data_policy_id}}
* {{location}}/{{data_policy_id}}
* {{data_policy_id}}
Any variables not passed in the import command will be taken from the provider configuration.
BigQuery Data Policy datapolicy IAM resources can be imported using the resource identifiers, role, and member.
IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.
```sh $ pulumi import gcp:bigquerydatapolicy/dataPolicyIamBinding:DataPolicyIamBinding editor "projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer user:jane@example.com" ```
IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.
```sh $ pulumi import gcp:bigquerydatapolicy/dataPolicyIamBinding:DataPolicyIamBinding editor "projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer" ```
IAM policy imports use the identifier of the resource in question, e.g.
```sh $ pulumi import gcp:bigquerydatapolicy/dataPolicyIamBinding:DataPolicyIamBinding editor projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} ```
-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetDataPolicyIamBinding ¶
func GetDataPolicyIamBinding(ctx *pulumi.Context, name string, id pulumi.IDInput, state *DataPolicyIamBindingState, opts ...pulumi.ResourceOption) (*DataPolicyIamBinding, error)
GetDataPolicyIamBinding gets an existing DataPolicyIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewDataPolicyIamBinding ¶
func NewDataPolicyIamBinding(ctx *pulumi.Context, name string, args *DataPolicyIamBindingArgs, opts ...pulumi.ResourceOption) (*DataPolicyIamBinding, error)
NewDataPolicyIamBinding registers a new resource with the given unique name, arguments, and options.
func (*DataPolicyIamBinding) ElementType ¶
func (*DataPolicyIamBinding) ElementType() reflect.Type
func (*DataPolicyIamBinding) ToDataPolicyIamBindingOutput ¶
func (i *DataPolicyIamBinding) ToDataPolicyIamBindingOutput() DataPolicyIamBindingOutput
func (*DataPolicyIamBinding) ToDataPolicyIamBindingOutputWithContext ¶
func (i *DataPolicyIamBinding) ToDataPolicyIamBindingOutputWithContext(ctx context.Context) DataPolicyIamBindingOutput
type DataPolicyIamBindingArgs ¶
type DataPolicyIamBindingArgs struct { Condition DataPolicyIamBindingConditionPtrInput DataPolicyId pulumi.StringInput // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput }
The set of arguments for constructing a DataPolicyIamBinding resource.
func (DataPolicyIamBindingArgs) ElementType ¶
func (DataPolicyIamBindingArgs) ElementType() reflect.Type
type DataPolicyIamBindingArray ¶
type DataPolicyIamBindingArray []DataPolicyIamBindingInput
func (DataPolicyIamBindingArray) ElementType ¶
func (DataPolicyIamBindingArray) ElementType() reflect.Type
func (DataPolicyIamBindingArray) ToDataPolicyIamBindingArrayOutput ¶
func (i DataPolicyIamBindingArray) ToDataPolicyIamBindingArrayOutput() DataPolicyIamBindingArrayOutput
func (DataPolicyIamBindingArray) ToDataPolicyIamBindingArrayOutputWithContext ¶
func (i DataPolicyIamBindingArray) ToDataPolicyIamBindingArrayOutputWithContext(ctx context.Context) DataPolicyIamBindingArrayOutput
type DataPolicyIamBindingArrayInput ¶
type DataPolicyIamBindingArrayInput interface { pulumi.Input ToDataPolicyIamBindingArrayOutput() DataPolicyIamBindingArrayOutput ToDataPolicyIamBindingArrayOutputWithContext(context.Context) DataPolicyIamBindingArrayOutput }
DataPolicyIamBindingArrayInput is an input type that accepts DataPolicyIamBindingArray and DataPolicyIamBindingArrayOutput values. You can construct a concrete instance of `DataPolicyIamBindingArrayInput` via:
DataPolicyIamBindingArray{ DataPolicyIamBindingArgs{...} }
type DataPolicyIamBindingArrayOutput ¶
type DataPolicyIamBindingArrayOutput struct{ *pulumi.OutputState }
func (DataPolicyIamBindingArrayOutput) ElementType ¶
func (DataPolicyIamBindingArrayOutput) ElementType() reflect.Type
func (DataPolicyIamBindingArrayOutput) Index ¶
func (o DataPolicyIamBindingArrayOutput) Index(i pulumi.IntInput) DataPolicyIamBindingOutput
func (DataPolicyIamBindingArrayOutput) ToDataPolicyIamBindingArrayOutput ¶
func (o DataPolicyIamBindingArrayOutput) ToDataPolicyIamBindingArrayOutput() DataPolicyIamBindingArrayOutput
func (DataPolicyIamBindingArrayOutput) ToDataPolicyIamBindingArrayOutputWithContext ¶
func (o DataPolicyIamBindingArrayOutput) ToDataPolicyIamBindingArrayOutputWithContext(ctx context.Context) DataPolicyIamBindingArrayOutput
type DataPolicyIamBindingConditionArgs ¶
type DataPolicyIamBindingConditionArgs struct { Description pulumi.StringPtrInput `pulumi:"description"` Expression pulumi.StringInput `pulumi:"expression"` Title pulumi.StringInput `pulumi:"title"` }
func (DataPolicyIamBindingConditionArgs) ElementType ¶
func (DataPolicyIamBindingConditionArgs) ElementType() reflect.Type
func (DataPolicyIamBindingConditionArgs) ToDataPolicyIamBindingConditionOutput ¶
func (i DataPolicyIamBindingConditionArgs) ToDataPolicyIamBindingConditionOutput() DataPolicyIamBindingConditionOutput
func (DataPolicyIamBindingConditionArgs) ToDataPolicyIamBindingConditionOutputWithContext ¶
func (i DataPolicyIamBindingConditionArgs) ToDataPolicyIamBindingConditionOutputWithContext(ctx context.Context) DataPolicyIamBindingConditionOutput
func (DataPolicyIamBindingConditionArgs) ToDataPolicyIamBindingConditionPtrOutput ¶
func (i DataPolicyIamBindingConditionArgs) ToDataPolicyIamBindingConditionPtrOutput() DataPolicyIamBindingConditionPtrOutput
func (DataPolicyIamBindingConditionArgs) ToDataPolicyIamBindingConditionPtrOutputWithContext ¶
func (i DataPolicyIamBindingConditionArgs) ToDataPolicyIamBindingConditionPtrOutputWithContext(ctx context.Context) DataPolicyIamBindingConditionPtrOutput
type DataPolicyIamBindingConditionInput ¶
type DataPolicyIamBindingConditionInput interface { pulumi.Input ToDataPolicyIamBindingConditionOutput() DataPolicyIamBindingConditionOutput ToDataPolicyIamBindingConditionOutputWithContext(context.Context) DataPolicyIamBindingConditionOutput }
DataPolicyIamBindingConditionInput is an input type that accepts DataPolicyIamBindingConditionArgs and DataPolicyIamBindingConditionOutput values. You can construct a concrete instance of `DataPolicyIamBindingConditionInput` via:
DataPolicyIamBindingConditionArgs{...}
type DataPolicyIamBindingConditionOutput ¶
type DataPolicyIamBindingConditionOutput struct{ *pulumi.OutputState }
func (DataPolicyIamBindingConditionOutput) Description ¶
func (o DataPolicyIamBindingConditionOutput) Description() pulumi.StringPtrOutput
func (DataPolicyIamBindingConditionOutput) ElementType ¶
func (DataPolicyIamBindingConditionOutput) ElementType() reflect.Type
func (DataPolicyIamBindingConditionOutput) Expression ¶
func (o DataPolicyIamBindingConditionOutput) Expression() pulumi.StringOutput
func (DataPolicyIamBindingConditionOutput) Title ¶
func (o DataPolicyIamBindingConditionOutput) Title() pulumi.StringOutput
func (DataPolicyIamBindingConditionOutput) ToDataPolicyIamBindingConditionOutput ¶
func (o DataPolicyIamBindingConditionOutput) ToDataPolicyIamBindingConditionOutput() DataPolicyIamBindingConditionOutput
func (DataPolicyIamBindingConditionOutput) ToDataPolicyIamBindingConditionOutputWithContext ¶
func (o DataPolicyIamBindingConditionOutput) ToDataPolicyIamBindingConditionOutputWithContext(ctx context.Context) DataPolicyIamBindingConditionOutput
func (DataPolicyIamBindingConditionOutput) ToDataPolicyIamBindingConditionPtrOutput ¶
func (o DataPolicyIamBindingConditionOutput) ToDataPolicyIamBindingConditionPtrOutput() DataPolicyIamBindingConditionPtrOutput
func (DataPolicyIamBindingConditionOutput) ToDataPolicyIamBindingConditionPtrOutputWithContext ¶
func (o DataPolicyIamBindingConditionOutput) ToDataPolicyIamBindingConditionPtrOutputWithContext(ctx context.Context) DataPolicyIamBindingConditionPtrOutput
type DataPolicyIamBindingConditionPtrInput ¶
type DataPolicyIamBindingConditionPtrInput interface { pulumi.Input ToDataPolicyIamBindingConditionPtrOutput() DataPolicyIamBindingConditionPtrOutput ToDataPolicyIamBindingConditionPtrOutputWithContext(context.Context) DataPolicyIamBindingConditionPtrOutput }
DataPolicyIamBindingConditionPtrInput is an input type that accepts DataPolicyIamBindingConditionArgs, DataPolicyIamBindingConditionPtr and DataPolicyIamBindingConditionPtrOutput values. You can construct a concrete instance of `DataPolicyIamBindingConditionPtrInput` via:
DataPolicyIamBindingConditionArgs{...} or: nil
func DataPolicyIamBindingConditionPtr ¶
func DataPolicyIamBindingConditionPtr(v *DataPolicyIamBindingConditionArgs) DataPolicyIamBindingConditionPtrInput
type DataPolicyIamBindingConditionPtrOutput ¶
type DataPolicyIamBindingConditionPtrOutput struct{ *pulumi.OutputState }
func (DataPolicyIamBindingConditionPtrOutput) Description ¶
func (o DataPolicyIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput
func (DataPolicyIamBindingConditionPtrOutput) ElementType ¶
func (DataPolicyIamBindingConditionPtrOutput) ElementType() reflect.Type
func (DataPolicyIamBindingConditionPtrOutput) Expression ¶
func (o DataPolicyIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput
func (DataPolicyIamBindingConditionPtrOutput) Title ¶
func (o DataPolicyIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput
func (DataPolicyIamBindingConditionPtrOutput) ToDataPolicyIamBindingConditionPtrOutput ¶
func (o DataPolicyIamBindingConditionPtrOutput) ToDataPolicyIamBindingConditionPtrOutput() DataPolicyIamBindingConditionPtrOutput
func (DataPolicyIamBindingConditionPtrOutput) ToDataPolicyIamBindingConditionPtrOutputWithContext ¶
func (o DataPolicyIamBindingConditionPtrOutput) ToDataPolicyIamBindingConditionPtrOutputWithContext(ctx context.Context) DataPolicyIamBindingConditionPtrOutput
type DataPolicyIamBindingInput ¶
type DataPolicyIamBindingInput interface { pulumi.Input ToDataPolicyIamBindingOutput() DataPolicyIamBindingOutput ToDataPolicyIamBindingOutputWithContext(ctx context.Context) DataPolicyIamBindingOutput }
type DataPolicyIamBindingMap ¶
type DataPolicyIamBindingMap map[string]DataPolicyIamBindingInput
func (DataPolicyIamBindingMap) ElementType ¶
func (DataPolicyIamBindingMap) ElementType() reflect.Type
func (DataPolicyIamBindingMap) ToDataPolicyIamBindingMapOutput ¶
func (i DataPolicyIamBindingMap) ToDataPolicyIamBindingMapOutput() DataPolicyIamBindingMapOutput
func (DataPolicyIamBindingMap) ToDataPolicyIamBindingMapOutputWithContext ¶
func (i DataPolicyIamBindingMap) ToDataPolicyIamBindingMapOutputWithContext(ctx context.Context) DataPolicyIamBindingMapOutput
type DataPolicyIamBindingMapInput ¶
type DataPolicyIamBindingMapInput interface { pulumi.Input ToDataPolicyIamBindingMapOutput() DataPolicyIamBindingMapOutput ToDataPolicyIamBindingMapOutputWithContext(context.Context) DataPolicyIamBindingMapOutput }
DataPolicyIamBindingMapInput is an input type that accepts DataPolicyIamBindingMap and DataPolicyIamBindingMapOutput values. You can construct a concrete instance of `DataPolicyIamBindingMapInput` via:
DataPolicyIamBindingMap{ "key": DataPolicyIamBindingArgs{...} }
type DataPolicyIamBindingMapOutput ¶
type DataPolicyIamBindingMapOutput struct{ *pulumi.OutputState }
func (DataPolicyIamBindingMapOutput) ElementType ¶
func (DataPolicyIamBindingMapOutput) ElementType() reflect.Type
func (DataPolicyIamBindingMapOutput) MapIndex ¶
func (o DataPolicyIamBindingMapOutput) MapIndex(k pulumi.StringInput) DataPolicyIamBindingOutput
func (DataPolicyIamBindingMapOutput) ToDataPolicyIamBindingMapOutput ¶
func (o DataPolicyIamBindingMapOutput) ToDataPolicyIamBindingMapOutput() DataPolicyIamBindingMapOutput
func (DataPolicyIamBindingMapOutput) ToDataPolicyIamBindingMapOutputWithContext ¶
func (o DataPolicyIamBindingMapOutput) ToDataPolicyIamBindingMapOutputWithContext(ctx context.Context) DataPolicyIamBindingMapOutput
type DataPolicyIamBindingOutput ¶
type DataPolicyIamBindingOutput struct{ *pulumi.OutputState }
func (DataPolicyIamBindingOutput) Condition ¶
func (o DataPolicyIamBindingOutput) Condition() DataPolicyIamBindingConditionPtrOutput
func (DataPolicyIamBindingOutput) DataPolicyId ¶
func (o DataPolicyIamBindingOutput) DataPolicyId() pulumi.StringOutput
func (DataPolicyIamBindingOutput) ElementType ¶
func (DataPolicyIamBindingOutput) ElementType() reflect.Type
func (DataPolicyIamBindingOutput) Etag ¶
func (o DataPolicyIamBindingOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (DataPolicyIamBindingOutput) Location ¶
func (o DataPolicyIamBindingOutput) Location() pulumi.StringOutput
The name of the location of the data policy. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration.
func (DataPolicyIamBindingOutput) Members ¶
func (o DataPolicyIamBindingOutput) Members() pulumi.StringArrayOutput
Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (DataPolicyIamBindingOutput) Project ¶
func (o DataPolicyIamBindingOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
func (DataPolicyIamBindingOutput) Role ¶
func (o DataPolicyIamBindingOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (DataPolicyIamBindingOutput) ToDataPolicyIamBindingOutput ¶
func (o DataPolicyIamBindingOutput) ToDataPolicyIamBindingOutput() DataPolicyIamBindingOutput
func (DataPolicyIamBindingOutput) ToDataPolicyIamBindingOutputWithContext ¶
func (o DataPolicyIamBindingOutput) ToDataPolicyIamBindingOutputWithContext(ctx context.Context) DataPolicyIamBindingOutput
type DataPolicyIamBindingState ¶
type DataPolicyIamBindingState struct { Condition DataPolicyIamBindingConditionPtrInput DataPolicyId pulumi.StringPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput }
func (DataPolicyIamBindingState) ElementType ¶
func (DataPolicyIamBindingState) ElementType() reflect.Type
type DataPolicyIamMember ¶
type DataPolicyIamMember struct { pulumi.CustomResourceState Condition DataPolicyIamMemberConditionPtrOutput `pulumi:"condition"` DataPolicyId pulumi.StringOutput `pulumi:"dataPolicyId"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringOutput `pulumi:"location"` // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Member pulumi.StringOutput `pulumi:"member"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` }
Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:
* `bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached. * `bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved. * `bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy
> **Note:** `bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `bigquerydatapolicy.DataPolicyIamBinding` and `bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.
> **Note:** `bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.
## bigquerydatapolicy.DataPolicyIamPolicy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, "policy", &bigquerydatapolicy.DataPolicyIamPolicyArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
## bigquerydatapolicy.DataPolicyIamBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, "binding", &bigquerydatapolicy.DataPolicyIamBindingArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
## bigquerydatapolicy.DataPolicyIamMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, "member", &bigquerydatapolicy.DataPolicyIamMemberArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
## This resource supports User Project Overrides.
-
# IAM policy for BigQuery Data Policy DataPolicy Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:
* `bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached. * `bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved. * `bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy
> **Note:** `bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `bigquerydatapolicy.DataPolicyIamBinding` and `bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.
> **Note:** `bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.
## bigquerydatapolicy.DataPolicyIamPolicy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, "policy", &bigquerydatapolicy.DataPolicyIamPolicyArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
## bigquerydatapolicy.DataPolicyIamBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, "binding", &bigquerydatapolicy.DataPolicyIamBindingArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
## bigquerydatapolicy.DataPolicyIamMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, "member", &bigquerydatapolicy.DataPolicyIamMemberArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms:
* projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}
* {{project}}/{{location}}/{{data_policy_id}}
* {{location}}/{{data_policy_id}}
* {{data_policy_id}}
Any variables not passed in the import command will be taken from the provider configuration.
BigQuery Data Policy datapolicy IAM resources can be imported using the resource identifiers, role, and member.
IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.
```sh $ pulumi import gcp:bigquerydatapolicy/dataPolicyIamMember:DataPolicyIamMember editor "projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer user:jane@example.com" ```
IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.
```sh $ pulumi import gcp:bigquerydatapolicy/dataPolicyIamMember:DataPolicyIamMember editor "projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer" ```
IAM policy imports use the identifier of the resource in question, e.g.
```sh $ pulumi import gcp:bigquerydatapolicy/dataPolicyIamMember:DataPolicyIamMember editor projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} ```
-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetDataPolicyIamMember ¶
func GetDataPolicyIamMember(ctx *pulumi.Context, name string, id pulumi.IDInput, state *DataPolicyIamMemberState, opts ...pulumi.ResourceOption) (*DataPolicyIamMember, error)
GetDataPolicyIamMember gets an existing DataPolicyIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewDataPolicyIamMember ¶
func NewDataPolicyIamMember(ctx *pulumi.Context, name string, args *DataPolicyIamMemberArgs, opts ...pulumi.ResourceOption) (*DataPolicyIamMember, error)
NewDataPolicyIamMember registers a new resource with the given unique name, arguments, and options.
func (*DataPolicyIamMember) ElementType ¶
func (*DataPolicyIamMember) ElementType() reflect.Type
func (*DataPolicyIamMember) ToDataPolicyIamMemberOutput ¶
func (i *DataPolicyIamMember) ToDataPolicyIamMemberOutput() DataPolicyIamMemberOutput
func (*DataPolicyIamMember) ToDataPolicyIamMemberOutputWithContext ¶
func (i *DataPolicyIamMember) ToDataPolicyIamMemberOutputWithContext(ctx context.Context) DataPolicyIamMemberOutput
type DataPolicyIamMemberArgs ¶
type DataPolicyIamMemberArgs struct { Condition DataPolicyIamMemberConditionPtrInput DataPolicyId pulumi.StringInput // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Member pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput }
The set of arguments for constructing a DataPolicyIamMember resource.
func (DataPolicyIamMemberArgs) ElementType ¶
func (DataPolicyIamMemberArgs) ElementType() reflect.Type
type DataPolicyIamMemberArray ¶
type DataPolicyIamMemberArray []DataPolicyIamMemberInput
func (DataPolicyIamMemberArray) ElementType ¶
func (DataPolicyIamMemberArray) ElementType() reflect.Type
func (DataPolicyIamMemberArray) ToDataPolicyIamMemberArrayOutput ¶
func (i DataPolicyIamMemberArray) ToDataPolicyIamMemberArrayOutput() DataPolicyIamMemberArrayOutput
func (DataPolicyIamMemberArray) ToDataPolicyIamMemberArrayOutputWithContext ¶
func (i DataPolicyIamMemberArray) ToDataPolicyIamMemberArrayOutputWithContext(ctx context.Context) DataPolicyIamMemberArrayOutput
type DataPolicyIamMemberArrayInput ¶
type DataPolicyIamMemberArrayInput interface { pulumi.Input ToDataPolicyIamMemberArrayOutput() DataPolicyIamMemberArrayOutput ToDataPolicyIamMemberArrayOutputWithContext(context.Context) DataPolicyIamMemberArrayOutput }
DataPolicyIamMemberArrayInput is an input type that accepts DataPolicyIamMemberArray and DataPolicyIamMemberArrayOutput values. You can construct a concrete instance of `DataPolicyIamMemberArrayInput` via:
DataPolicyIamMemberArray{ DataPolicyIamMemberArgs{...} }
type DataPolicyIamMemberArrayOutput ¶
type DataPolicyIamMemberArrayOutput struct{ *pulumi.OutputState }
func (DataPolicyIamMemberArrayOutput) ElementType ¶
func (DataPolicyIamMemberArrayOutput) ElementType() reflect.Type
func (DataPolicyIamMemberArrayOutput) Index ¶
func (o DataPolicyIamMemberArrayOutput) Index(i pulumi.IntInput) DataPolicyIamMemberOutput
func (DataPolicyIamMemberArrayOutput) ToDataPolicyIamMemberArrayOutput ¶
func (o DataPolicyIamMemberArrayOutput) ToDataPolicyIamMemberArrayOutput() DataPolicyIamMemberArrayOutput
func (DataPolicyIamMemberArrayOutput) ToDataPolicyIamMemberArrayOutputWithContext ¶
func (o DataPolicyIamMemberArrayOutput) ToDataPolicyIamMemberArrayOutputWithContext(ctx context.Context) DataPolicyIamMemberArrayOutput
type DataPolicyIamMemberConditionArgs ¶
type DataPolicyIamMemberConditionArgs struct { Description pulumi.StringPtrInput `pulumi:"description"` Expression pulumi.StringInput `pulumi:"expression"` Title pulumi.StringInput `pulumi:"title"` }
func (DataPolicyIamMemberConditionArgs) ElementType ¶
func (DataPolicyIamMemberConditionArgs) ElementType() reflect.Type
func (DataPolicyIamMemberConditionArgs) ToDataPolicyIamMemberConditionOutput ¶
func (i DataPolicyIamMemberConditionArgs) ToDataPolicyIamMemberConditionOutput() DataPolicyIamMemberConditionOutput
func (DataPolicyIamMemberConditionArgs) ToDataPolicyIamMemberConditionOutputWithContext ¶
func (i DataPolicyIamMemberConditionArgs) ToDataPolicyIamMemberConditionOutputWithContext(ctx context.Context) DataPolicyIamMemberConditionOutput
func (DataPolicyIamMemberConditionArgs) ToDataPolicyIamMemberConditionPtrOutput ¶
func (i DataPolicyIamMemberConditionArgs) ToDataPolicyIamMemberConditionPtrOutput() DataPolicyIamMemberConditionPtrOutput
func (DataPolicyIamMemberConditionArgs) ToDataPolicyIamMemberConditionPtrOutputWithContext ¶
func (i DataPolicyIamMemberConditionArgs) ToDataPolicyIamMemberConditionPtrOutputWithContext(ctx context.Context) DataPolicyIamMemberConditionPtrOutput
type DataPolicyIamMemberConditionInput ¶
type DataPolicyIamMemberConditionInput interface { pulumi.Input ToDataPolicyIamMemberConditionOutput() DataPolicyIamMemberConditionOutput ToDataPolicyIamMemberConditionOutputWithContext(context.Context) DataPolicyIamMemberConditionOutput }
DataPolicyIamMemberConditionInput is an input type that accepts DataPolicyIamMemberConditionArgs and DataPolicyIamMemberConditionOutput values. You can construct a concrete instance of `DataPolicyIamMemberConditionInput` via:
DataPolicyIamMemberConditionArgs{...}
type DataPolicyIamMemberConditionOutput ¶
type DataPolicyIamMemberConditionOutput struct{ *pulumi.OutputState }
func (DataPolicyIamMemberConditionOutput) Description ¶
func (o DataPolicyIamMemberConditionOutput) Description() pulumi.StringPtrOutput
func (DataPolicyIamMemberConditionOutput) ElementType ¶
func (DataPolicyIamMemberConditionOutput) ElementType() reflect.Type
func (DataPolicyIamMemberConditionOutput) Expression ¶
func (o DataPolicyIamMemberConditionOutput) Expression() pulumi.StringOutput
func (DataPolicyIamMemberConditionOutput) Title ¶
func (o DataPolicyIamMemberConditionOutput) Title() pulumi.StringOutput
func (DataPolicyIamMemberConditionOutput) ToDataPolicyIamMemberConditionOutput ¶
func (o DataPolicyIamMemberConditionOutput) ToDataPolicyIamMemberConditionOutput() DataPolicyIamMemberConditionOutput
func (DataPolicyIamMemberConditionOutput) ToDataPolicyIamMemberConditionOutputWithContext ¶
func (o DataPolicyIamMemberConditionOutput) ToDataPolicyIamMemberConditionOutputWithContext(ctx context.Context) DataPolicyIamMemberConditionOutput
func (DataPolicyIamMemberConditionOutput) ToDataPolicyIamMemberConditionPtrOutput ¶
func (o DataPolicyIamMemberConditionOutput) ToDataPolicyIamMemberConditionPtrOutput() DataPolicyIamMemberConditionPtrOutput
func (DataPolicyIamMemberConditionOutput) ToDataPolicyIamMemberConditionPtrOutputWithContext ¶
func (o DataPolicyIamMemberConditionOutput) ToDataPolicyIamMemberConditionPtrOutputWithContext(ctx context.Context) DataPolicyIamMemberConditionPtrOutput
type DataPolicyIamMemberConditionPtrInput ¶
type DataPolicyIamMemberConditionPtrInput interface { pulumi.Input ToDataPolicyIamMemberConditionPtrOutput() DataPolicyIamMemberConditionPtrOutput ToDataPolicyIamMemberConditionPtrOutputWithContext(context.Context) DataPolicyIamMemberConditionPtrOutput }
DataPolicyIamMemberConditionPtrInput is an input type that accepts DataPolicyIamMemberConditionArgs, DataPolicyIamMemberConditionPtr and DataPolicyIamMemberConditionPtrOutput values. You can construct a concrete instance of `DataPolicyIamMemberConditionPtrInput` via:
DataPolicyIamMemberConditionArgs{...} or: nil
func DataPolicyIamMemberConditionPtr ¶
func DataPolicyIamMemberConditionPtr(v *DataPolicyIamMemberConditionArgs) DataPolicyIamMemberConditionPtrInput
type DataPolicyIamMemberConditionPtrOutput ¶
type DataPolicyIamMemberConditionPtrOutput struct{ *pulumi.OutputState }
func (DataPolicyIamMemberConditionPtrOutput) Description ¶
func (o DataPolicyIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput
func (DataPolicyIamMemberConditionPtrOutput) ElementType ¶
func (DataPolicyIamMemberConditionPtrOutput) ElementType() reflect.Type
func (DataPolicyIamMemberConditionPtrOutput) Expression ¶
func (o DataPolicyIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput
func (DataPolicyIamMemberConditionPtrOutput) Title ¶
func (o DataPolicyIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput
func (DataPolicyIamMemberConditionPtrOutput) ToDataPolicyIamMemberConditionPtrOutput ¶
func (o DataPolicyIamMemberConditionPtrOutput) ToDataPolicyIamMemberConditionPtrOutput() DataPolicyIamMemberConditionPtrOutput
func (DataPolicyIamMemberConditionPtrOutput) ToDataPolicyIamMemberConditionPtrOutputWithContext ¶
func (o DataPolicyIamMemberConditionPtrOutput) ToDataPolicyIamMemberConditionPtrOutputWithContext(ctx context.Context) DataPolicyIamMemberConditionPtrOutput
type DataPolicyIamMemberInput ¶
type DataPolicyIamMemberInput interface { pulumi.Input ToDataPolicyIamMemberOutput() DataPolicyIamMemberOutput ToDataPolicyIamMemberOutputWithContext(ctx context.Context) DataPolicyIamMemberOutput }
type DataPolicyIamMemberMap ¶
type DataPolicyIamMemberMap map[string]DataPolicyIamMemberInput
func (DataPolicyIamMemberMap) ElementType ¶
func (DataPolicyIamMemberMap) ElementType() reflect.Type
func (DataPolicyIamMemberMap) ToDataPolicyIamMemberMapOutput ¶
func (i DataPolicyIamMemberMap) ToDataPolicyIamMemberMapOutput() DataPolicyIamMemberMapOutput
func (DataPolicyIamMemberMap) ToDataPolicyIamMemberMapOutputWithContext ¶
func (i DataPolicyIamMemberMap) ToDataPolicyIamMemberMapOutputWithContext(ctx context.Context) DataPolicyIamMemberMapOutput
type DataPolicyIamMemberMapInput ¶
type DataPolicyIamMemberMapInput interface { pulumi.Input ToDataPolicyIamMemberMapOutput() DataPolicyIamMemberMapOutput ToDataPolicyIamMemberMapOutputWithContext(context.Context) DataPolicyIamMemberMapOutput }
DataPolicyIamMemberMapInput is an input type that accepts DataPolicyIamMemberMap and DataPolicyIamMemberMapOutput values. You can construct a concrete instance of `DataPolicyIamMemberMapInput` via:
DataPolicyIamMemberMap{ "key": DataPolicyIamMemberArgs{...} }
type DataPolicyIamMemberMapOutput ¶
type DataPolicyIamMemberMapOutput struct{ *pulumi.OutputState }
func (DataPolicyIamMemberMapOutput) ElementType ¶
func (DataPolicyIamMemberMapOutput) ElementType() reflect.Type
func (DataPolicyIamMemberMapOutput) MapIndex ¶
func (o DataPolicyIamMemberMapOutput) MapIndex(k pulumi.StringInput) DataPolicyIamMemberOutput
func (DataPolicyIamMemberMapOutput) ToDataPolicyIamMemberMapOutput ¶
func (o DataPolicyIamMemberMapOutput) ToDataPolicyIamMemberMapOutput() DataPolicyIamMemberMapOutput
func (DataPolicyIamMemberMapOutput) ToDataPolicyIamMemberMapOutputWithContext ¶
func (o DataPolicyIamMemberMapOutput) ToDataPolicyIamMemberMapOutputWithContext(ctx context.Context) DataPolicyIamMemberMapOutput
type DataPolicyIamMemberOutput ¶
type DataPolicyIamMemberOutput struct{ *pulumi.OutputState }
func (DataPolicyIamMemberOutput) Condition ¶
func (o DataPolicyIamMemberOutput) Condition() DataPolicyIamMemberConditionPtrOutput
func (DataPolicyIamMemberOutput) DataPolicyId ¶
func (o DataPolicyIamMemberOutput) DataPolicyId() pulumi.StringOutput
func (DataPolicyIamMemberOutput) ElementType ¶
func (DataPolicyIamMemberOutput) ElementType() reflect.Type
func (DataPolicyIamMemberOutput) Etag ¶
func (o DataPolicyIamMemberOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (DataPolicyIamMemberOutput) Location ¶
func (o DataPolicyIamMemberOutput) Location() pulumi.StringOutput
The name of the location of the data policy. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration.
func (DataPolicyIamMemberOutput) Member ¶
func (o DataPolicyIamMemberOutput) Member() pulumi.StringOutput
Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
func (DataPolicyIamMemberOutput) Project ¶
func (o DataPolicyIamMemberOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
func (DataPolicyIamMemberOutput) Role ¶
func (o DataPolicyIamMemberOutput) Role() pulumi.StringOutput
The role that should be applied. Only one `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.
func (DataPolicyIamMemberOutput) ToDataPolicyIamMemberOutput ¶
func (o DataPolicyIamMemberOutput) ToDataPolicyIamMemberOutput() DataPolicyIamMemberOutput
func (DataPolicyIamMemberOutput) ToDataPolicyIamMemberOutputWithContext ¶
func (o DataPolicyIamMemberOutput) ToDataPolicyIamMemberOutputWithContext(ctx context.Context) DataPolicyIamMemberOutput
type DataPolicyIamMemberState ¶
type DataPolicyIamMemberState struct { Condition DataPolicyIamMemberConditionPtrInput DataPolicyId pulumi.StringPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput // Identities that will be granted the privilege in `role`. // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Member pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput }
func (DataPolicyIamMemberState) ElementType ¶
func (DataPolicyIamMemberState) ElementType() reflect.Type
type DataPolicyIamPolicy ¶
type DataPolicyIamPolicy struct { pulumi.CustomResourceState DataPolicyId pulumi.StringOutput `pulumi:"dataPolicyId"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringOutput `pulumi:"location"` // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` }
Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:
* `bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached. * `bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved. * `bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy
> **Note:** `bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `bigquerydatapolicy.DataPolicyIamBinding` and `bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.
> **Note:** `bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.
## bigquerydatapolicy.DataPolicyIamPolicy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, "policy", &bigquerydatapolicy.DataPolicyIamPolicyArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
## bigquerydatapolicy.DataPolicyIamBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, "binding", &bigquerydatapolicy.DataPolicyIamBindingArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
## bigquerydatapolicy.DataPolicyIamMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, "member", &bigquerydatapolicy.DataPolicyIamMemberArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
## This resource supports User Project Overrides.
-
# IAM policy for BigQuery Data Policy DataPolicy Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:
* `bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached. * `bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved. * `bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.
A data source can be used to retrieve policy data in advent you do not need creation ¶
* `bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy
> **Note:** `bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `bigquerydatapolicy.DataPolicyIamBinding` and `bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.
> **Note:** `bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.
## bigquerydatapolicy.DataPolicyIamPolicy
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ Bindings: []organizations.GetIAMPolicyBinding{ { Role: "roles/viewer", Members: []string{ "user:jane@example.com", }, }, }, }, nil) if err != nil { return err } _, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, "policy", &bigquerydatapolicy.DataPolicyIamPolicyArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), PolicyData: pulumi.String(admin.PolicyData), }) if err != nil { return err } return nil }) }
```
## bigquerydatapolicy.DataPolicyIamBinding
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, "binding", &bigquerydatapolicy.DataPolicyIamBindingArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), Role: pulumi.String("roles/viewer"), Members: pulumi.StringArray{ pulumi.String("user:jane@example.com"), }, }) if err != nil { return err } return nil }) }
```
## bigquerydatapolicy.DataPolicyIamMember
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, "member", &bigquerydatapolicy.DataPolicyIamMemberArgs{ Project: pulumi.Any(dataPolicy.Project), Location: pulumi.Any(dataPolicy.Location), DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), Role: pulumi.String("roles/viewer"), Member: pulumi.String("user:jane@example.com"), }) if err != nil { return err } return nil }) }
```
## Import
For all import syntaxes, the "resource in question" can take any of the following forms:
* projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}
* {{project}}/{{location}}/{{data_policy_id}}
* {{location}}/{{data_policy_id}}
* {{data_policy_id}}
Any variables not passed in the import command will be taken from the provider configuration.
BigQuery Data Policy datapolicy IAM resources can be imported using the resource identifiers, role, and member.
IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.
```sh $ pulumi import gcp:bigquerydatapolicy/dataPolicyIamPolicy:DataPolicyIamPolicy editor "projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer user:jane@example.com" ```
IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.
```sh $ pulumi import gcp:bigquerydatapolicy/dataPolicyIamPolicy:DataPolicyIamPolicy editor "projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer" ```
IAM policy imports use the identifier of the resource in question, e.g.
```sh $ pulumi import gcp:bigquerydatapolicy/dataPolicyIamPolicy:DataPolicyIamPolicy editor projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} ```
-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
func GetDataPolicyIamPolicy ¶
func GetDataPolicyIamPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *DataPolicyIamPolicyState, opts ...pulumi.ResourceOption) (*DataPolicyIamPolicy, error)
GetDataPolicyIamPolicy gets an existing DataPolicyIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewDataPolicyIamPolicy ¶
func NewDataPolicyIamPolicy(ctx *pulumi.Context, name string, args *DataPolicyIamPolicyArgs, opts ...pulumi.ResourceOption) (*DataPolicyIamPolicy, error)
NewDataPolicyIamPolicy registers a new resource with the given unique name, arguments, and options.
func (*DataPolicyIamPolicy) ElementType ¶
func (*DataPolicyIamPolicy) ElementType() reflect.Type
func (*DataPolicyIamPolicy) ToDataPolicyIamPolicyOutput ¶
func (i *DataPolicyIamPolicy) ToDataPolicyIamPolicyOutput() DataPolicyIamPolicyOutput
func (*DataPolicyIamPolicy) ToDataPolicyIamPolicyOutputWithContext ¶
func (i *DataPolicyIamPolicy) ToDataPolicyIamPolicyOutputWithContext(ctx context.Context) DataPolicyIamPolicyOutput
type DataPolicyIamPolicyArgs ¶
type DataPolicyIamPolicyArgs struct { DataPolicyId pulumi.StringInput // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput }
The set of arguments for constructing a DataPolicyIamPolicy resource.
func (DataPolicyIamPolicyArgs) ElementType ¶
func (DataPolicyIamPolicyArgs) ElementType() reflect.Type
type DataPolicyIamPolicyArray ¶
type DataPolicyIamPolicyArray []DataPolicyIamPolicyInput
func (DataPolicyIamPolicyArray) ElementType ¶
func (DataPolicyIamPolicyArray) ElementType() reflect.Type
func (DataPolicyIamPolicyArray) ToDataPolicyIamPolicyArrayOutput ¶
func (i DataPolicyIamPolicyArray) ToDataPolicyIamPolicyArrayOutput() DataPolicyIamPolicyArrayOutput
func (DataPolicyIamPolicyArray) ToDataPolicyIamPolicyArrayOutputWithContext ¶
func (i DataPolicyIamPolicyArray) ToDataPolicyIamPolicyArrayOutputWithContext(ctx context.Context) DataPolicyIamPolicyArrayOutput
type DataPolicyIamPolicyArrayInput ¶
type DataPolicyIamPolicyArrayInput interface { pulumi.Input ToDataPolicyIamPolicyArrayOutput() DataPolicyIamPolicyArrayOutput ToDataPolicyIamPolicyArrayOutputWithContext(context.Context) DataPolicyIamPolicyArrayOutput }
DataPolicyIamPolicyArrayInput is an input type that accepts DataPolicyIamPolicyArray and DataPolicyIamPolicyArrayOutput values. You can construct a concrete instance of `DataPolicyIamPolicyArrayInput` via:
DataPolicyIamPolicyArray{ DataPolicyIamPolicyArgs{...} }
type DataPolicyIamPolicyArrayOutput ¶
type DataPolicyIamPolicyArrayOutput struct{ *pulumi.OutputState }
func (DataPolicyIamPolicyArrayOutput) ElementType ¶
func (DataPolicyIamPolicyArrayOutput) ElementType() reflect.Type
func (DataPolicyIamPolicyArrayOutput) Index ¶
func (o DataPolicyIamPolicyArrayOutput) Index(i pulumi.IntInput) DataPolicyIamPolicyOutput
func (DataPolicyIamPolicyArrayOutput) ToDataPolicyIamPolicyArrayOutput ¶
func (o DataPolicyIamPolicyArrayOutput) ToDataPolicyIamPolicyArrayOutput() DataPolicyIamPolicyArrayOutput
func (DataPolicyIamPolicyArrayOutput) ToDataPolicyIamPolicyArrayOutputWithContext ¶
func (o DataPolicyIamPolicyArrayOutput) ToDataPolicyIamPolicyArrayOutputWithContext(ctx context.Context) DataPolicyIamPolicyArrayOutput
type DataPolicyIamPolicyInput ¶
type DataPolicyIamPolicyInput interface { pulumi.Input ToDataPolicyIamPolicyOutput() DataPolicyIamPolicyOutput ToDataPolicyIamPolicyOutputWithContext(ctx context.Context) DataPolicyIamPolicyOutput }
type DataPolicyIamPolicyMap ¶
type DataPolicyIamPolicyMap map[string]DataPolicyIamPolicyInput
func (DataPolicyIamPolicyMap) ElementType ¶
func (DataPolicyIamPolicyMap) ElementType() reflect.Type
func (DataPolicyIamPolicyMap) ToDataPolicyIamPolicyMapOutput ¶
func (i DataPolicyIamPolicyMap) ToDataPolicyIamPolicyMapOutput() DataPolicyIamPolicyMapOutput
func (DataPolicyIamPolicyMap) ToDataPolicyIamPolicyMapOutputWithContext ¶
func (i DataPolicyIamPolicyMap) ToDataPolicyIamPolicyMapOutputWithContext(ctx context.Context) DataPolicyIamPolicyMapOutput
type DataPolicyIamPolicyMapInput ¶
type DataPolicyIamPolicyMapInput interface { pulumi.Input ToDataPolicyIamPolicyMapOutput() DataPolicyIamPolicyMapOutput ToDataPolicyIamPolicyMapOutputWithContext(context.Context) DataPolicyIamPolicyMapOutput }
DataPolicyIamPolicyMapInput is an input type that accepts DataPolicyIamPolicyMap and DataPolicyIamPolicyMapOutput values. You can construct a concrete instance of `DataPolicyIamPolicyMapInput` via:
DataPolicyIamPolicyMap{ "key": DataPolicyIamPolicyArgs{...} }
type DataPolicyIamPolicyMapOutput ¶
type DataPolicyIamPolicyMapOutput struct{ *pulumi.OutputState }
func (DataPolicyIamPolicyMapOutput) ElementType ¶
func (DataPolicyIamPolicyMapOutput) ElementType() reflect.Type
func (DataPolicyIamPolicyMapOutput) MapIndex ¶
func (o DataPolicyIamPolicyMapOutput) MapIndex(k pulumi.StringInput) DataPolicyIamPolicyOutput
func (DataPolicyIamPolicyMapOutput) ToDataPolicyIamPolicyMapOutput ¶
func (o DataPolicyIamPolicyMapOutput) ToDataPolicyIamPolicyMapOutput() DataPolicyIamPolicyMapOutput
func (DataPolicyIamPolicyMapOutput) ToDataPolicyIamPolicyMapOutputWithContext ¶
func (o DataPolicyIamPolicyMapOutput) ToDataPolicyIamPolicyMapOutputWithContext(ctx context.Context) DataPolicyIamPolicyMapOutput
type DataPolicyIamPolicyOutput ¶
type DataPolicyIamPolicyOutput struct{ *pulumi.OutputState }
func (DataPolicyIamPolicyOutput) DataPolicyId ¶
func (o DataPolicyIamPolicyOutput) DataPolicyId() pulumi.StringOutput
func (DataPolicyIamPolicyOutput) ElementType ¶
func (DataPolicyIamPolicyOutput) ElementType() reflect.Type
func (DataPolicyIamPolicyOutput) Etag ¶
func (o DataPolicyIamPolicyOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (DataPolicyIamPolicyOutput) Location ¶
func (o DataPolicyIamPolicyOutput) Location() pulumi.StringOutput
The name of the location of the data policy. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration.
func (DataPolicyIamPolicyOutput) PolicyData ¶
func (o DataPolicyIamPolicyOutput) PolicyData() pulumi.StringOutput
The policy data generated by a `organizations.getIAMPolicy` data source.
func (DataPolicyIamPolicyOutput) Project ¶
func (o DataPolicyIamPolicyOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
func (DataPolicyIamPolicyOutput) ToDataPolicyIamPolicyOutput ¶
func (o DataPolicyIamPolicyOutput) ToDataPolicyIamPolicyOutput() DataPolicyIamPolicyOutput
func (DataPolicyIamPolicyOutput) ToDataPolicyIamPolicyOutputWithContext ¶
func (o DataPolicyIamPolicyOutput) ToDataPolicyIamPolicyOutputWithContext(ctx context.Context) DataPolicyIamPolicyOutput
type DataPolicyIamPolicyState ¶
type DataPolicyIamPolicyState struct { DataPolicyId pulumi.StringPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput }
func (DataPolicyIamPolicyState) ElementType ¶
func (DataPolicyIamPolicyState) ElementType() reflect.Type
type DataPolicyInput ¶
type DataPolicyInput interface { pulumi.Input ToDataPolicyOutput() DataPolicyOutput ToDataPolicyOutputWithContext(ctx context.Context) DataPolicyOutput }
type DataPolicyMap ¶
type DataPolicyMap map[string]DataPolicyInput
func (DataPolicyMap) ElementType ¶
func (DataPolicyMap) ElementType() reflect.Type
func (DataPolicyMap) ToDataPolicyMapOutput ¶
func (i DataPolicyMap) ToDataPolicyMapOutput() DataPolicyMapOutput
func (DataPolicyMap) ToDataPolicyMapOutputWithContext ¶
func (i DataPolicyMap) ToDataPolicyMapOutputWithContext(ctx context.Context) DataPolicyMapOutput
type DataPolicyMapInput ¶
type DataPolicyMapInput interface { pulumi.Input ToDataPolicyMapOutput() DataPolicyMapOutput ToDataPolicyMapOutputWithContext(context.Context) DataPolicyMapOutput }
DataPolicyMapInput is an input type that accepts DataPolicyMap and DataPolicyMapOutput values. You can construct a concrete instance of `DataPolicyMapInput` via:
DataPolicyMap{ "key": DataPolicyArgs{...} }
type DataPolicyMapOutput ¶
type DataPolicyMapOutput struct{ *pulumi.OutputState }
func (DataPolicyMapOutput) ElementType ¶
func (DataPolicyMapOutput) ElementType() reflect.Type
func (DataPolicyMapOutput) MapIndex ¶
func (o DataPolicyMapOutput) MapIndex(k pulumi.StringInput) DataPolicyOutput
func (DataPolicyMapOutput) ToDataPolicyMapOutput ¶
func (o DataPolicyMapOutput) ToDataPolicyMapOutput() DataPolicyMapOutput
func (DataPolicyMapOutput) ToDataPolicyMapOutputWithContext ¶
func (o DataPolicyMapOutput) ToDataPolicyMapOutputWithContext(ctx context.Context) DataPolicyMapOutput
type DataPolicyOutput ¶
type DataPolicyOutput struct{ *pulumi.OutputState }
func (DataPolicyOutput) DataMaskingPolicy ¶
func (o DataPolicyOutput) DataMaskingPolicy() DataPolicyDataMaskingPolicyPtrOutput
The data masking policy that specifies the data masking rule to use. Structure is documented below.
func (DataPolicyOutput) DataPolicyId ¶
func (o DataPolicyOutput) DataPolicyId() pulumi.StringOutput
User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name.
func (DataPolicyOutput) DataPolicyType ¶
func (o DataPolicyOutput) DataPolicyType() pulumi.StringOutput
The enrollment level of the service. Possible values are: `COLUMN_LEVEL_SECURITY_POLICY`, `DATA_MASKING_POLICY`.
***
func (DataPolicyOutput) ElementType ¶
func (DataPolicyOutput) ElementType() reflect.Type
func (DataPolicyOutput) Location ¶
func (o DataPolicyOutput) Location() pulumi.StringOutput
The name of the location of the data policy.
func (DataPolicyOutput) Name ¶
func (o DataPolicyOutput) Name() pulumi.StringOutput
Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}.
func (DataPolicyOutput) PolicyTag ¶
func (o DataPolicyOutput) PolicyTag() pulumi.StringOutput
Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}.
func (DataPolicyOutput) Project ¶
func (o DataPolicyOutput) Project() pulumi.StringOutput
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
func (DataPolicyOutput) ToDataPolicyOutput ¶
func (o DataPolicyOutput) ToDataPolicyOutput() DataPolicyOutput
func (DataPolicyOutput) ToDataPolicyOutputWithContext ¶
func (o DataPolicyOutput) ToDataPolicyOutputWithContext(ctx context.Context) DataPolicyOutput
type DataPolicyState ¶
type DataPolicyState struct { // The data masking policy that specifies the data masking rule to use. // Structure is documented below. DataMaskingPolicy DataPolicyDataMaskingPolicyPtrInput // User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name. DataPolicyId pulumi.StringPtrInput // The enrollment level of the service. // Possible values are: `COLUMN_LEVEL_SECURITY_POLICY`, `DATA_MASKING_POLICY`. // // *** DataPolicyType pulumi.StringPtrInput // The name of the location of the data policy. Location pulumi.StringPtrInput // Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}. Name pulumi.StringPtrInput // Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. PolicyTag pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringPtrInput }
func (DataPolicyState) ElementType ¶
func (DataPolicyState) ElementType() reflect.Type
type GetIamPolicyArgs ¶
type GetIamPolicyArgs struct { DataPolicyId string `pulumi:"dataPolicyId"` // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location *string `pulumi:"location"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` }
A collection of arguments for invoking getIamPolicy.
type GetIamPolicyOutputArgs ¶
type GetIamPolicyOutputArgs struct { DataPolicyId pulumi.StringInput `pulumi:"dataPolicyId"` // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput `pulumi:"location"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput `pulumi:"project"` }
A collection of arguments for invoking getIamPolicy.
func (GetIamPolicyOutputArgs) ElementType ¶
func (GetIamPolicyOutputArgs) ElementType() reflect.Type
type GetIamPolicyResult ¶
type GetIamPolicyResult struct { DataPolicyId string `pulumi:"dataPolicyId"` // (Computed) The etag of the IAM policy. Etag string `pulumi:"etag"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Location string `pulumi:"location"` // (Required only by `bigquerydatapolicy.DataPolicyIamPolicy`) The policy data generated by // a `organizations.getIAMPolicy` data source. PolicyData string `pulumi:"policyData"` Project string `pulumi:"project"` }
A collection of values returned by getIamPolicy.
func GetIamPolicy ¶
func GetIamPolicy(ctx *pulumi.Context, args *GetIamPolicyArgs, opts ...pulumi.InvokeOption) (*GetIamPolicyResult, error)
Retrieves the current IAM policy data for datapolicy
## example
```go package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/bigquerydatapolicy" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := bigquerydatapolicy.GetIamPolicy(ctx, &bigquerydatapolicy.GetIamPolicyArgs{ Project: pulumi.StringRef(dataPolicy.Project), Location: pulumi.StringRef(dataPolicy.Location), DataPolicyId: dataPolicy.DataPolicyId, }, nil) if err != nil { return err } return nil }) }
```
type GetIamPolicyResultOutput ¶
type GetIamPolicyResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getIamPolicy.
func GetIamPolicyOutput ¶
func GetIamPolicyOutput(ctx *pulumi.Context, args GetIamPolicyOutputArgs, opts ...pulumi.InvokeOption) GetIamPolicyResultOutput
func (GetIamPolicyResultOutput) DataPolicyId ¶
func (o GetIamPolicyResultOutput) DataPolicyId() pulumi.StringOutput
func (GetIamPolicyResultOutput) ElementType ¶
func (GetIamPolicyResultOutput) ElementType() reflect.Type
func (GetIamPolicyResultOutput) Etag ¶
func (o GetIamPolicyResultOutput) Etag() pulumi.StringOutput
(Computed) The etag of the IAM policy.
func (GetIamPolicyResultOutput) Id ¶
func (o GetIamPolicyResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetIamPolicyResultOutput) Location ¶
func (o GetIamPolicyResultOutput) Location() pulumi.StringOutput
func (GetIamPolicyResultOutput) PolicyData ¶
func (o GetIamPolicyResultOutput) PolicyData() pulumi.StringOutput
(Required only by `bigquerydatapolicy.DataPolicyIamPolicy`) The policy data generated by a `organizations.getIAMPolicy` data source.
func (GetIamPolicyResultOutput) Project ¶
func (o GetIamPolicyResultOutput) Project() pulumi.StringOutput
func (GetIamPolicyResultOutput) ToGetIamPolicyResultOutput ¶
func (o GetIamPolicyResultOutput) ToGetIamPolicyResultOutput() GetIamPolicyResultOutput
func (GetIamPolicyResultOutput) ToGetIamPolicyResultOutputWithContext ¶
func (o GetIamPolicyResultOutput) ToGetIamPolicyResultOutputWithContext(ctx context.Context) GetIamPolicyResultOutput