Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apply policy tag to existing BigQuery table's columns #18130

Open
adivardhansingh opened this issue May 14, 2024 · 4 comments
Open

Apply policy tag to existing BigQuery table's columns #18130

adivardhansingh opened this issue May 14, 2024 · 4 comments
Labels
enhancement forward/linked service/bigquery
Milestone
Goals

Comments

@adivardhansingh
Copy link

adivardhansingh commented May 14, 2024
edited by modular-magician

Community Note

  • Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to a user, that user is claiming responsibility for the issue.
  • Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Description

NOTE: I am super new to terraform and Big Query, so please bash me politely

I want to apply policy tags (existing or new) to any existing BigQuery table's column in any dataset

  • I could create policy tags via terraform
  • I could also create tables via terraform and supply policy tags while creating table
  • I CANNOT see an option to apply an existing policy tag to an existing tables' column

I think it would be very good to have an option to apply policy tags to existing column

BTW - isn't policy tag moved from data catalog to Big Query now?

New or Affected Resource(s)

  • google_bigquery_dataset
  • google_bigquery_table
  • google_data_catalog_policy_tag

Potential Terraform Configuration

resource "google_bigquery_table" "default" {
  dataset_id         = local.gcp_bq_dataset_id
  table_id           = "rm_case_master"
  policy_tag_column  = local.policy_tag_column_json
}

JSON file

[
  {
    "column_name": "user_id",
    "policy_tag": "projects/logi-dwh-poc/locations/asia-northeast1/taxonomies/4140563373860611878/policyTags/629151118535745957"
  }
]

References

#6075

b/341750789
@melinath melinath removed forward/review In review; remove label to forward service/datacatalog labels May 20, 2024
@melinath melinath added this to the Goals milestone May 20, 2024
@melinath
Copy link
Collaborator

Note from triage: We are not familiar enough with the product to determine whether or not this operation should be supported (or whether or not it currently is possible.) Forwarding to the service team for resolution.

@wj-chen
Copy link

wj-chen commented May 21, 2024

Hi @adivardhansingh, thanks for trying out BigQuery Terraform. Could you describe more what you are trying to achieve with the following:

I CANNOT see an option to apply an existing policy tag to an existing tables' column

Do you have any link to any documentation that describes the equivalent use case using another client (UI/CLI/API/client libraries)?

And do you have a sample config for how you are currently doing the following:

I could also create tables via terraform and supply policy tags while creating table

And in response to the following question:

BTW - isn't policy tag moved from data catalog to Big Query now?

There is a BigQuery Data Policy resource in Terraform (https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/bigquery_datapolicy_data_policy) that build on top of google_data_catalog_policy_tag. Is that what you are looking for? If you can share your use case more, we can help you identify the best resource to use.

@adivardhan
Copy link

Hello @wj-chen

Do you have any link to any documentation that describes the equivalent use case using another client (UI/CLI/API/client libraries)?

Let me describe my problem in simpler words, and I apologize that I was not clear earlier.

In a nutshell, I want to use terraform to add policy tags to any existing table's column.
What I see from terraform documents, this is not possible.

What is possible? -- Only way to add a policy tag, is while creating a new table (by passing schema).

But for an existing BigQuery service - tables are already existing and I only want to add policy tag, using terraform.

And do you have a sample config for how you are currently doing the following:

https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/bigquery_table
I can actually pass a field policyTag in the schema itself, and it creates the table and adds the policy tag.

But this is when you are creating a new table.

Hope I am a little bit more clear with my explanation.

@wj-chen
Copy link

wj-chen commented May 29, 2024

Thank you @adivardhan for the clarifications. It's currently by design that policy tags can only be set as part of a table's schema. For the existing BigQuery tables you have, if they are managed by Terraform, you should be able to update the schema field value to add policy tags the same way you specify schema for a new table. Please give that a try and see if it helps with your use case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement forward/linked service/bigquery
Projects
None yet
Milestone
Goals
Development

No branches or pull requests
5 participants
@melinath @adivardhan @modular-magician @wj-chen @adivardhansingh