This module simplifies the creation of Data Catalog Policy Tags. Policy Tags can be used to configure Bigquery column-level access.
Note: Data Catalog is still in beta, hence this module currently uses the beta provider.
module "cmn-dc" {
source = "./modules/data-catalog-policy-tag"
name = "my-datacatalog-policy-tags"
project_id = "my-project"
tags = ["low", "medium", "high"]
}
# tftest modules=1 resources=4module "cmn-dc" {
source = "./modules/data-catalog-policy-tag"
name = "my-datacatalog-policy-tags"
project_id = "my-project"
tags = ["low", "medium", "high"]
iam = {
"roles/datacatalog.categoryAdmin" = ["group:GROUP_NAME@example.com"]
}
}
# tftest modules=1 resources=5| name | description | type | required | default |
|---|---|---|---|---|
| name | Name of this taxonomy. | string |
✓ | |
| project_id | GCP project id. | |
✓ | |
| activated_policy_types | A list of policy types that are activated for this taxonomy. | list(string) |
["FINE_GRAINED_ACCESS_CONTROL"] |
|
| description | Description of this taxonomy. | string |
"Taxonomy - Terraform managed" |
|
| group_iam | Authoritative IAM binding for organization groups, in {GROUP_EMAIL => [ROLES]} format. Group emails need to be static. Can be used in combination with the iam variable. |
map(list(string)) |
{} |
|
| iam | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) |
{} |
|
| iam_additive | IAM additive bindings in {ROLE => [MEMBERS]} format. | map(list(string)) |
{} |
|
| iam_additive_members | IAM additive bindings in {MEMBERS => [ROLE]} format. This might break if members are dynamic values. | map(list(string)) |
{} |
|
| location | Data Catalog Taxonomy location. | string |
"eu" |
|
| prefix | Prefix used to generate project id and name. | string |
null |
|
| tags | List of Data Catalog Policy tags to be created. | list(string) |
[] |
| name | description | sensitive |
|---|---|---|
| tags | Policy Tags. | |
| taxonomy_id | Taxonomy id. |
- Support IAM at tag level.
- Support Child policy tags