Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for BigQuery Column Level Security #6156

Closed
ed-hammond opened this issue Apr 21, 2020 · 3 comments
Closed

Add support for BigQuery Column Level Security #6156

ed-hammond opened this issue Apr 21, 2020 · 3 comments
Labels
enhancement

Comments

@ed-hammond
Copy link

ed-hammond commented Apr 21, 2020
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

With the introduction of Column Level Security in BigQuery, attempting to specify the policyTags in the table schema is silently ignored by the google_bigquery_table resource. There are no errors, but the policy is not applied to BigQuery. While it is nice errors are not thrown so that at least something gets defined, it leads to misunderstandings and potential security risks.

Would like to see the policyTags be passed to BigQuery for application to the field in question.

New or Affected Resource(s)

  • google_bigquery_table

Potential Terraform Configuration

At a minimum, it would be helpful if this syntax were supported:

  {
     "name": "field_name",
     "type": "STRING",
     "mode": "NULLABLE",
     "description": "field description",
     "policyTags": {
       "names": [
         "projects/myproj/locations/us/taxonomies/123456789/policyTags/123456789",
         var.common_policy
       ]
     }
  },

References
@ghost ghost added the enhancement label Apr 21, 2020
@danawillow
Copy link
Contributor

What version of the provider are you using? I think this should work in some of the more recent versions.

@ed-hammond
Copy link
Author

I upleveled to 3.19.0 and it works as expected.
I should have tried that before filing the issue.
Thanks. Sorry to have bothered you.

@ghost ghost removed the waiting-response label Apr 28, 2020
@ghost
Copy link

ghost commented May 28, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

@ghost ghost locked and limited conversation to collaborators May 28, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@danawillow @ed-hammond