bigquerydatapolicy: support routine (GoogleCloudPlatform#10388)

pawelJas · May 16, 2024 · 9990cb6 · 9990cb6
1 parent 6a37748
commit 9990cb6
Show file tree

Hide file tree

Showing 4 changed files with 169 additions and 18 deletions.
diff --git a/mmv1/products/bigquerydatapolicy/DataPolicy.yaml b/mmv1/products/bigquerydatapolicy/DataPolicy.yaml
@@ -48,6 +48,15 @@ examples:
     vars:
       data_policy_id: 'data_policy'
       taxonomy: 'taxonomy'
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'bigquery_datapolicy_data_policy_routine'
+    primary_resource_id: 'data_policy'
+    primary_resource_name:
+      'fmt.Sprintf("tf_test_data_policy%s", context["random_suffix"])'
+    vars:
+      data_policy_id: 'data_policy'
+      taxonomy: 'taxonomy'
+      dataset_id: 'dataset_id'
 properties:
   - !ruby/object:Api::Type::String
     name: name
@@ -88,7 +97,9 @@ properties:
     properties:
       - !ruby/object:Api::Type::Enum
         name: 'predefinedExpression'
-        required: true
+        exactly_one_of:
+          - data_masking_policy.0.predefined_expression
+          - data_masking_policy.0.routine
         description: |-
           The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options.
         values:
@@ -99,3 +110,11 @@ properties:
           - :FIRST_FOUR_CHARACTERS
           - :EMAIL_MASK
           - :DATE_YEAR_MASK
+      - !ruby/object:Api::Type::String
+        exactly_one_of:
+          - data_masking_policy.0.predefined_expression
+          - data_masking_policy.0.routine
+        name: routine
+        diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress'
+        description: |-
+          The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}.
diff --git a/mmv1/templates/terraform/examples/bigquery_datapolicy_data_policy_basic.tf.erb b/mmv1/templates/terraform/examples/bigquery_datapolicy_data_policy_basic.tf.erb
@@ -1,19 +1,19 @@
 resource "google_bigquery_datapolicy_data_policy" "<%= ctx[:primary_resource_id] %>" {
-    location         = "us-central1"
-    data_policy_id   = "<%= ctx[:vars]['data_policy_id'] %>"
-    policy_tag       = google_data_catalog_policy_tag.policy_tag.name
-    data_policy_type = "COLUMN_LEVEL_SECURITY_POLICY"
-  }
+  location         = "us-central1"
+  data_policy_id   = "<%= ctx[:vars]['data_policy_id'] %>"
+  policy_tag       = google_data_catalog_policy_tag.policy_tag.name
+  data_policy_type = "COLUMN_LEVEL_SECURITY_POLICY"
+}
 
-  resource "google_data_catalog_policy_tag" "policy_tag" {
-    taxonomy     = google_data_catalog_taxonomy.taxonomy.id
-    display_name = "Low security"
-    description  = "A policy tag normally associated with low security items"
-  }
-  
-  resource "google_data_catalog_taxonomy" "taxonomy" {
-    region                 = "us-central1"
-    display_name           = "<%= ctx[:vars]['taxonomy'] %>"
-    description            = "A collection of policy tags"
-    activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
-  }
+resource "google_data_catalog_policy_tag" "policy_tag" {
+  taxonomy     = google_data_catalog_taxonomy.taxonomy.id
+  display_name = "Low security"
+  description  = "A policy tag normally associated with low security items"
+}
+
+resource "google_data_catalog_taxonomy" "taxonomy" {
+  region                 = "us-central1"
+  display_name           = "<%= ctx[:vars]['taxonomy'] %>"
+  description            = "A collection of policy tags"
+  activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
+}
diff --git a/mmv1/templates/terraform/examples/bigquery_datapolicy_data_policy_routine.tf.erb b/mmv1/templates/terraform/examples/bigquery_datapolicy_data_policy_routine.tf.erb
@@ -0,0 +1,42 @@
+resource "google_bigquery_datapolicy_data_policy" "<%= ctx[:primary_resource_id] %>" {
+  location         = "us-central1"
+  data_policy_id   = "<%= ctx[:vars]['data_policy_id'] %>"
+  policy_tag       = google_data_catalog_policy_tag.policy_tag.name
+  data_policy_type = "DATA_MASKING_POLICY"  
+  data_masking_policy {
+    routine = google_bigquery_routine.custom_masking_routine.id
+  }
+}
+
+resource "google_data_catalog_policy_tag" "policy_tag" {
+  taxonomy     = google_data_catalog_taxonomy.taxonomy.id
+  display_name = "Low security"
+  description  = "A policy tag normally associated with low security items"
+}
+
+resource "google_data_catalog_taxonomy" "taxonomy" {
+  region                 = "us-central1"
+  display_name           = "<%= ctx[:vars]['taxonomy'] %>"
+  description            = "A collection of policy tags"
+  activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
+}
+
+resource "google_bigquery_dataset" "test" {
+  dataset_id = "<%= ctx[:vars]['dataset_id'] %>"
+  location   = "us-central1"
+}
+
+resource "google_bigquery_routine" "custom_masking_routine" {
+	dataset_id           = google_bigquery_dataset.test.dataset_id
+	routine_id           = "custom_masking_routine"
+	routine_type         = "SCALAR_FUNCTION"
+	language             = "SQL"
+	data_governance_type = "DATA_MASKING"
+	definition_body      = "SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')"
+	return_type          = "{\"typeKind\" :  \"STRING\"}"
+
+	arguments {
+	  name = "ssn"
+	  data_type = "{\"typeKind\" :  \"STRING\"}"
+	} 
+}
diff --git a/...ty/terraform/services/bigquerydatapolicy/resource_bigquery_datapolicy_data_policy_test.go b/...ty/terraform/services/bigquerydatapolicy/resource_bigquery_datapolicy_data_policy_test.go
@@ -35,6 +35,34 @@ func TestAccBigqueryDatapolicyDataPolicy_bigqueryDatapolicyDataPolicyUpdate(t *t
 	})
 }
 
+func TestAccBigqueryDatapolicyDataPolicy_bigqueryDatapolicyDataPolicyRoutineUpdate(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckBigqueryDatapolicyDataPolicyDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccBigqueryDatapolicyDataPolicy_bigqueryDatapolicyDataPolicyRoutineExample(context),
+			},
+			{
+				ResourceName:            "google_bigquery_datapolicy_data_policy.data_policy",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"location"},
+			},
+			{
+				Config: testAccBigqueryDatapolicyDataPolicy_bigqueryDatapolicyDataPolicyRoutineUpdate(context),
+			},
+		},
+	})
+}
+
 func testAccBigqueryDatapolicyDataPolicy_bigqueryDatapolicyDataPolicyUpdate(context map[string]interface{}) string {
 	return acctest.Nprintf(`
 resource "google_bigquery_datapolicy_data_policy" "data_policy" {
@@ -74,3 +102,65 @@ resource "google_bigquery_datapolicy_data_policy" "data_policy" {
   }
 `, context)
 }
+
+func testAccBigqueryDatapolicyDataPolicy_bigqueryDatapolicyDataPolicyRoutineUpdate(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_bigquery_datapolicy_data_policy" "data_policy" {
+  location         = "us-central1"
+  data_policy_id   = "tf_test_data_policy%{random_suffix}"
+  policy_tag       = google_data_catalog_policy_tag.policy_tag.name
+  data_policy_type = "DATA_MASKING_POLICY"  
+  data_masking_policy {
+    routine = google_bigquery_routine.custom_masking_routine_updated.id
+  }
+}
+
+resource "google_data_catalog_policy_tag" "policy_tag" {
+  taxonomy     = google_data_catalog_taxonomy.taxonomy.id
+  display_name = "Low security"
+  description  = "A policy tag normally associated with low security items"
+}
+  
+resource "google_data_catalog_taxonomy" "taxonomy" {
+  region                 = "us-central1"
+  display_name           = "taxonomy%{random_suffix}"
+  description            = "A collection of policy tags"
+  activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
+}
+
+resource "google_bigquery_dataset" "test" {
+  dataset_id = "tf_test_dataset_id%{random_suffix}"
+  location   = "us-central1"
+}
+
+resource "google_bigquery_routine" "custom_masking_routine" {
+	dataset_id           = google_bigquery_dataset.test.dataset_id
+	routine_id           = "custom_masking_routine"
+	routine_type         = "SCALAR_FUNCTION"
+	language             = "SQL"
+	data_governance_type = "DATA_MASKING"
+	definition_body      = "SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')"
+	return_type          = "{\"typeKind\" :  \"STRING\"}"
+
+	arguments {
+	  name = "ssn"
+	  data_type = "{\"typeKind\" :  \"STRING\"}"
+	} 
+}
+
+resource "google_bigquery_routine" "custom_masking_routine_updated" {
+	dataset_id           = google_bigquery_dataset.test.dataset_id
+	routine_id           = "custom_masking_routine_update"
+	routine_type         = "SCALAR_FUNCTION"
+	language             = "SQL"
+	data_governance_type = "DATA_MASKING"
+	definition_body      = "SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')"
+	return_type          = "{\"typeKind\" :  \"STRING\"}"
+
+	arguments {
+	  name = "ssn"
+	  data_type = "{\"typeKind\" :  \"STRING\"}"
+	} 
+}
+`, context)
+}