# Copyright 2024 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: blueprints.cloud.google.com/v1alpha1 kind: BlueprintMetadata metadata: name: terraform-google-bigquery-authorization annotations: config.kubernetes.io/local-config: "true" spec: info: title: BigQuery Authorized Datasets, Views and Routines source: repo: https://github.com/terraform-google-modules/terraform-google-bigquery sourceType: git dir: /modules/authorization version: 8.1.0 actuationTool: flavor: Terraform version: ">= 1.3" description: {} content: examples: - name: basic_bq location: examples/basic_bq - name: basic_view location: examples/basic_view - name: data_warehouse location: examples/data_warehouse - name: multiple_tables location: examples/multiple_tables - name: scheduled_queries location: examples/scheduled_queries interfaces: variables: - name: dataset_id description: Unique ID for the dataset being provisioned. varType: string required: true - name: project_id description: Project where the dataset and table are created varType: string required: true - name: roles description: An array of objects that define dataset access for one or more entities. varType: any defaultValue: [] - name: authorized_views description: An array of views to give authorize for the dataset varType: |- list(object({ dataset_id = string, project_id = string, table_id = string # this is the view id, but we keep table_id to stay consistent as the resource })) defaultValue: [] - name: authorized_datasets description: An array of datasets to be authorized on the dataset varType: |- list(object({ dataset_id = string, project_id = string, })) defaultValue: [] - name: authorized_routines description: An array of authorized routine to be authorized on the dataset varType: |- list(object({ project_id = string, dataset_id = string, routine_id = string })) defaultValue: [] outputs: - name: authorized_dataset description: Authorized datasets for the BQ dataset - name: authorized_roles description: Authorized roles for the dataset - name: authorized_views description: Authorized views for the dataset requirements: roles: - level: Project roles: - roles/bigquery.admin - roles/cloudkms.cryptoKeyEncrypterDecrypter - roles/owner services: - cloudkms.googleapis.com - cloudresourcemanager.googleapis.com - bigquery.googleapis.com - bigquerystorage.googleapis.com - bigqueryconnection.googleapis.com - serviceusage.googleapis.com - iam.googleapis.com providerVersions: - source: hashicorp/google version: ">= 5.39, < 7"