bigquery datamasking (#6425)

* data masking

* data masking - examples

* import

* cr comments

* cr comments - update test

* align with connection resource

mmv1/products/bigquerydatapolicy/api.yaml

@@ -0,0 +1,97 @@
+# Copyright 2022 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+!ruby/object:Api::Product
+name: BigqueryDatapolicy
+display_name: BigQuery Data Policy
+scopes:
+  - https://www.googleapis.com/auth/cloud-platform
+versions:
+  - !ruby/object:Api::Product::Version
+    name: beta
+    base_url: https://bigquerydatapolicy.googleapis.com/v1beta1/
+apis_required:
+  - !ruby/object:Api::Product::ApiReference
+    name: BigQuery Data Policy API
+    url: https://console.cloud.google.com/apis/library/bigquerydatapolicy.googleapis.com/
+objects:
+  - !ruby/object:Api::Resource
+    name: "DataPolicy"
+    min_version: beta
+    base_url: projects/{{project}}/locations/{{location}}/dataPolicies
+    create_url: projects/{{project}}/locations/{{location}}/dataPolicies
+    self_link: projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}
+    update_verb: :PATCH
+    update_mask: true
+    description: A BigQuery Data Policy
+    references: !ruby/object:Api::Resource::ReferenceLinks
+      guides:
+        "Official Documentation": "https://cloud.google.com/bigquery/docs/column-data-masking-intro"
+      api: "https://cloud.google.com/bigquery/docs/reference/bigquerydatapolicy/rest/v1beta1/projects.locations.dataPolicies/create"
+    iam_policy: !ruby/object:Api::Resource::IamPolicy
+      exclude: false
+      method_name_separator: ":"
+      fetch_iam_policy_verb: :POST
+      parent_resource_attribute: "data_policy_id"
+      import_format:
+        [
+          "projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}",
+          "{{data_policy_id}}"
+        ]
+    properties:
+      - !ruby/object:Api::Type::String
+        name: name
+        description: |-
+          Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}.
+        output: true
+      - !ruby/object:Api::Type::String
+        name: dataPolicyId
+        description: |-
+          User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name.
+        required: true
+        input: true
+      - !ruby/object:Api::Type::String
+        name: location
+        description: |
+          The name of the location of the data policy.
+        required: true
+        input: true
+        url_param_only: true
+      - !ruby/object:Api::Type::String
+        name: policyTag
+        description: |-
+          Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}.
+        required: true
+      - !ruby/object:Api::Type::Enum
+        name: dataPolicyType
+        description: |
+          The enrollment level of the service.
+        required: true
+        values:
+          - :COLUMN_LEVEL_SECURITY_POLICY
+          - :DATA_MASKING_POLICY
+      - !ruby/object:Api::Type::NestedObject
+        name: "dataMaskingPolicy"
+        description: |
+          The data masking policy that specifies the data masking rule to use.
+        properties:
+          - !ruby/object:Api::Type::Enum
+            name: "predefinedExpression"
+            required: true
+            description: |-
+              The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options.
+            values:
+              - :SHA256
+              - :ALWAYS_NULL
+              - :DEFAULT_MASKING_VALUE

mmv1/products/bigquerydatapolicy/terraform.yaml

@@ -0,0 +1,36 @@
+# Copyright 2022 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+!ruby/object:Provider::Terraform::Config
+overrides: !ruby/object:Overrides::ResourceOverrides
+  DataPolicy: !ruby/object:Overrides::Terraform::ResourceOverride
+    id_format: projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}
+    import_format:
+      [
+        "projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}",
+        "{{project}}/{{location}}/{{data_policy_id}}",
+         "{{location}}/{{data_policy_id}}"
+      ]
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "bigquery_datapolicy_data_policy_basic"
+        min_version: beta
+        primary_resource_id: "data_policy"
+        primary_resource_name: 'fmt.Sprintf("tf_test_data_policy%s", context["random_suffix"])'
+        vars:
+          data_policy_id: "data_policy"
+          taxonomy: "taxonomy"
+    properties:
+      policyTag: !ruby/object:Overrides::Terraform::PropertyOverride
+        diff_suppress_func: "projectNumberDiffSuppress"

mmv1/templates/terraform/examples/bigquery_datapolicy_data_policy_basic.tf.erb

@@ -0,0 +1,22 @@
+resource "google_bigquery_datapolicy_data_policy" "<%= ctx[:primary_resource_id] %>" {
+    provider = google-beta
+    location         = "us-central1"
+    data_policy_id   = "<%= ctx[:vars]['data_policy_id'] %>"
+    policy_tag       = google_data_catalog_policy_tag.policy_tag.name
+    data_policy_type = "COLUMN_LEVEL_SECURITY_POLICY"
+  }
+
+  resource "google_data_catalog_policy_tag" "policy_tag" {
+    provider = google-beta
+    taxonomy     = google_data_catalog_taxonomy.taxonomy.id
+    display_name = "Low security"
+    description  = "A policy tag normally associated with low security items"
+  }
+
+  resource "google_data_catalog_taxonomy" "taxonomy" {
+    provider = google-beta
+    region                 = "us-central1"
+    display_name           = "<%= ctx[:vars]['taxonomy'] %>"
+    description            = "A collection of policy tags"
+    activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
+  }

mmv1/third_party/terraform/tests/resource_bigquery_datapolicy_data_policy_test.go.erb

@@ -0,0 +1,74 @@
+<% autogen_exception -%>
+package google
+
+<% unless version == 'ga' -%>
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccBigqueryDatapolicyDataPolicy_bigqueryDatapolicyDataPolicyUpdate(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": randString(t, 10),
+	}
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProvidersOiCS,
+		CheckDestroy: testAccCheckBigqueryDatapolicyDataPolicyDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccBigqueryDatapolicyDataPolicy_bigqueryDatapolicyDataPolicyBasicExample(context),
+			},
+			{
+				ResourceName:            "google_bigquery_datapolicy_data_policy.data_policy",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"location"},
+			},
+			{
+				Config: testAccBigqueryDatapolicyDataPolicy_bigqueryDatapolicyDataPolicyUpdate(context),
+			},
+		},
+	})
+}
+
+func testAccBigqueryDatapolicyDataPolicy_bigqueryDatapolicyDataPolicyUpdate(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_bigquery_datapolicy_data_policy" "data_policy" {
+    provider = google-beta
+    location         = "us-central1"
+    data_policy_id   = "tf_test_data_policy%{random_suffix}"
+    policy_tag       = google_data_catalog_policy_tag.policy_tag_updated.name
+    data_policy_type = "COLUMN_LEVEL_SECURITY_POLICY"
+  }
+
+  resource "google_data_catalog_policy_tag" "policy_tag" {
+    provider = google-beta
+    taxonomy     = google_data_catalog_taxonomy.taxonomy.id
+    display_name = "Low security"
+    description  = "A policy tag normally associated with low security items"
+  }
+
+  resource "google_data_catalog_policy_tag" "policy_tag_updated" {
+    provider = google-beta
+    taxonomy     = google_data_catalog_taxonomy.taxonomy.id
+    display_name = "Low security updated"
+    description  = "A policy tag normally associated with low security items"
+  }  
+
+  resource "google_data_catalog_taxonomy" "taxonomy" {
+    provider = google-beta
+    region                 = "us-central1"
+    display_name           = "taxonomy%{random_suffix}"
+    description            = "A collection of policy tags"
+    activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
+  }
+`, context)
+}
+
+<% end %>