Tags: google-cloud-platform, google-bigquery, terraform, terraform-provider-gcp, google-iam

Is there a way to apply policy tags to columns in BigQuery via Terraform?


Is there a way to apply policy tags to columns in BigQuery (GCP) via Terraform? Any pointers would be appreciated. I believe we can create policy tags and taxonomies like this.

But how do I map/apply them to a column in a table? E.g., in the one given below, I’m creating a table using Terraform and want to apply a policy tag to one of its columns. Any tutorials, code samples, guides etc. would be highly appreciated if there exists a possibility to do this via Terraform:

resource "google_bigquery_table" "table_with_pii" {
  provider   = google-beta
  dataset_id = google_bigquery_dataset.integration_testing_dataset.dataset_id
  table_id   = "table_with_pii"

  schema = <<EOF
[
  {
    "name": "col1",
    "type": "STRING",
    "mode": "NULLABLE",
    "description": "This is col1. It's a PII column."
  },
  {
    "name": "col2",
    "type": "BOOLEAN",
    "mode": "NULLABLE",
    "description": "This is col2"
  }
]
EOF
}

I've scanned through the relevant resources on the Terraform registry but I haven't come across such options yet. I'm not sure if the code block mentioned in this thread is a rolled-out feature or just pseudo-code, because whenever I run terraform validate after adding such a mapping, I get the error that policy_tags is not a valid option. Am I missing something?


Solution

  • Yes, you can use Terraform to apply policy tags to individual columns by specifying the name of your policy tag within the definition of the table's schema:

    resource "google_bigquery_dataset" "default" {
      dataset_id = "foo"
    }

    resource "google_bigquery_table" "default" {
      dataset_id = google_bigquery_dataset.default.dataset_id
      table_id   = "bar"

      # The policy tag is attached per column, inside the JSON schema,
      # under the "policyTags" key of the column it protects.
      schema = <<EOF
    [
      {
        "name": "log_id",
        "type": "STRING"
      },
      {
        "name": "address",
        "type": "STRING",
        "mode": "NULLABLE",
        "description": "Address where the head office is located",
        "policyTags": {
          "names": [
            "${var.policy_tag_id}"
          ]
        }
      }
    ]
    EOF
    }

    Define the variable for this policy tag by adding the following to your variables.tf file:

    variable "policy_tag_id" {
      description = "Policy tag to apply to the relevant columns"
      type = string
      nullable = true
      default = null
    }
    

    And add to your terraform.tfvars file the URI for the policy tag, which you can find in the GCP UI.

    policy_tag_id = "projects/your_project_id/locations/your_location/taxonomies/your_taxonomy_id/policyTags/your_policytag_id"
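
The following is an added example, not part of the original answer: instead of copying the policy tag URI from the GCP UI, it creates the taxonomy and tag in the same configuration, references the tag's resource name in the column schema, and grants read access on the tagged column to one group. The display names, the "us" location and the group address are placeholder assumptions.

```hcl
# Added example; display names, region and group address are placeholders.
resource "google_data_catalog_taxonomy" "pii" {
  display_name = "pii_taxonomy"
  description  = "Classification of personal data"
  region       = "us" # must be the same location as the dataset below

  # Without this, the tag is only a label and does not restrict reads.
  activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
}

resource "google_data_catalog_policy_tag" "address" {
  taxonomy     = google_data_catalog_taxonomy.pii.id
  display_name = "address"
  description  = "Postal addresses"
}

# Only principals holding Fine-Grained Reader on the tag can query
# columns that carry it; everyone else gets an access-denied error.
resource "google_data_catalog_policy_tag_iam_member" "address_readers" {
  policy_tag = google_data_catalog_policy_tag.address.name
  role       = "roles/datacatalog.categoryFineGrainedReader"
  member     = "group:pii-readers@example.com"
}

resource "google_bigquery_dataset" "default" {
  dataset_id = "foo"
  location   = "US"
}

resource "google_bigquery_table" "default" {
  dataset_id = google_bigquery_dataset.default.dataset_id
  table_id   = "bar"

  # jsonencode keeps the schema as HCL, so the tag reference is a real
  # dependency instead of a string interpolated into a heredoc.
  schema = jsonencode([
    { name = "log_id", type = "STRING" },
    {
      name        = "address"
      type        = "STRING"
      mode        = "NULLABLE"
      description = "Address where the head office is located"
      policyTags  = { names = [google_data_catalog_policy_tag.address.name] }
    }
  ])
}
```

Referencing the tag resource directly also means a plan fails early if the tag is removed, rather than leaving a column schema that points at a stale URI.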