This module simplifies the creation of Data Catalog Policy Tags. Policy Tags can be used to configure BigQuery column-level access.
Note: Data Catalog is still in beta, so this module currently uses the beta provider.
```hcl
module "cmn-dc" {
  source     = "./fabric/modules/data-catalog-policy-tag"
  name       = "my-datacatalog-policy-tags"
  project_id = "my-project"
  tags = {
    low    = {}
    medium = {}
    high   = {}
  }
}
# tftest modules=1 resources=4
```
```hcl
module "cmn-dc" {
  source     = "./fabric/modules/data-catalog-policy-tag"
  name       = "my-datacatalog-policy-tags"
  project_id = "my-project"
  tags = {
    low    = {}
    medium = {}
    high = {
      iam = {
        "roles/datacatalog.categoryFineGrainedReader" = [
          "group:[email protected]"
        ]
      }
    }
  }
  iam = {
    "roles/datacatalog.categoryAdmin" = ["group:[email protected]"]
  }
  iam_members = {
    am1-admin = {
      member = "user:[email protected]"
      role   = "roles/datacatalog.categoryAdmin"
    }
  }
}
# tftest modules=1 resources=7
```
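The introduction says the tags are meant for BigQuery column-level access; the following added example (not from the module's README) wires a tag created by the module into a table column. It assumes the module's `tags` output is a map of `google_data_catalog_policy_tag` resources keyed by tag name and that each resource's `id` attribute is the fully qualified policy tag name; the dataset, table and group email are constructed sample values.

```hcl
# Added example, not part of the module. Assumes the module's "tags" output
# is a map of google_data_catalog_policy_tag resources keyed by tag name and
# that each resource's "id" is its fully qualified policy tag name.
module "cmn-dc" {
  source     = "./fabric/modules/data-catalog-policy-tag"
  name       = "my-datacatalog-policy-tags"
  project_id = "my-project"
  tags = {
    low    = {}
    medium = {}
    high = {
      iam = {
        # only this group (constructed sample value) may read columns tagged "high"
        "roles/datacatalog.categoryFineGrainedReader" = ["group:pii-readers@example.com"]
      }
    }
  }
}

resource "google_bigquery_dataset" "customers" {
  project    = "my-project"
  dataset_id = "customers"
  location   = "EU" # must match the taxonomy location (module default "eu")
}

resource "google_bigquery_table" "accounts" {
  project    = "my-project"
  dataset_id = google_bigquery_dataset.customers.dataset_id
  table_id   = "accounts"
  # "ssn" is readable only by fine-grained readers of the "high" tag; the other
  # column stays readable by anyone with ordinary table access.
  schema = jsonencode([
    { name = "account_id", type = "STRING", mode = "REQUIRED" },
    {
      name       = "ssn"
      type       = "STRING"
      mode       = "NULLABLE"
      policyTags = { names = [module.cmn-dc.tags["high"].id] }
    }
  ])
}
```

Once applied, a query selecting `ssn` fails for principals who lack the fine-grained reader role on the `high` tag, while the same principals can still select `account_id`.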
name | description | type | required | default
---|---|---|---|---
name | Name of this taxonomy. | string | ✓ |
project_id | GCP project id. | | ✓ |
activated_policy_types | A list of policy types that are activated for this taxonomy. | list(string) | | ["FINE_GRAINED_ACCESS_CONTROL"]
description | Description of this taxonomy. | string | | "Taxonomy - Terraform managed"
group_iam | Authoritative IAM binding for organization groups, in {GROUP_EMAIL => [ROLES]} format. Group emails need to be static. Can be used in combination with the iam variable. | map(list(string)) | | {}
iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {}
iam_additive | IAM additive bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | {}
iam_additive_members | IAM additive bindings in {MEMBERS => [ROLE]} format. This might break if members are dynamic values. | map(list(string)) | | {}
iam_members | Individual additive IAM bindings, use this when iam_additive does not work due to dynamic resources. Keys are arbitrary and only used for the internal loop. | map(object({…})) | | {}
location | Data Catalog Taxonomy location. | string | | "eu"
prefix | Optional prefix used to generate project id and name. | string | | null
tags | List of Data Catalog Policy tags to be created with optional IAM binding configuration in {tag => {ROLE => [MEMBERS]}} format. | map(object({…})) | | {}
name | description | sensitive
---|---|---
id | Fully qualified taxonomy id. |
tags | Policy Tags. |
- Support IAM at tag level.
- Support child policy tags.