Skip to content

Latest commit

 

History

History
 
 

data-catalog-policy-tag

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
iam.tf
iam.tf
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

README.md

Data Catalog Module

This module simplifies the creation of Data Catalog Policy Tags. Policy Tags can be used to configure Bigquery column-level access.

Note: Data Catalog is still in beta, hence this module currently uses the beta provider.

Examples

Simple Taxonomy with policy tags

module "cmn-dc" {
  source     = "./fabric/modules/data-catalog-policy-tag"
  name       = "my-datacatalog-policy-tags"
  project_id = "my-project"
  tags       = {
    low = null, medium = null, high = null
  }
}
# tftest modules=1 resources=4

Taxonomy with IAM binding

module "cmn-dc" {
  source     = "./fabric/modules/data-catalog-policy-tag"
  name       = "my-datacatalog-policy-tags"
  project_id = "my-project"
  tags       = { 
    low = null
    medium = null
    high = {"roles/datacatalog.categoryFineGrainedReader" = ["group:[email protected]"]}
  }
  iam = {
    "roles/datacatalog.categoryAdmin" = ["group:[email protected]"]
  }
}
# tftest modules=1 resources=6

Variables

name description type required default
name Name of this taxonomy. string
project_id GCP project id.
activated_policy_types A list of policy types that are activated for this taxonomy. list(string) ["FINE_GRAINED_ACCESS_CONTROL"]
description Description of this taxonomy. string "Taxonomy - Terraform managed"
group_iam Authoritative IAM binding for organization groups, in {GROUP_EMAIL => [ROLES]} format. Group emails need to be static. Can be used in combination with the iam variable. map(list(string)) {}
iam IAM bindings in {ROLE => [MEMBERS]} format. map(list(string)) {}
iam_additive IAM additive bindings in {ROLE => [MEMBERS]} format. map(list(string)) {}
iam_additive_members IAM additive bindings in {MEMBERS => [ROLE]} format. This might break if members are dynamic values. map(list(string)) {}
location Data Catalog Taxonomy location. string "eu"
prefix Prefix used to generate project id and name. string null
tags List of Data Catalog Policy tags to be created with optional IAM binging configuration in {tag => {ROLE => [MEMBERS]}} format. map(map(list(string))) {}

Outputs

name description sensitive
tags Policy Tags.
taxonomy_id Taxonomy id.

TODO

  • Support IAM at tag level.
  • Support Child policy tags