Open aaronclong opened 6 months ago
Note from triage: This doesn't seem to be supported at the REST API layer, only by calls to BigQuery directly, which means we can't support it in the provider at this time. Support would need to be added to the REST API first.
That's good to know, thank you for pointing that out. I wonder if I can make a feature request to Google and link that here.
Update: It looks like there is already an issue created for this from April 2022: https://issuetracker.google.com/issues/229861829
RowAccessPolicy is its own GCP resource (https://cloud.google.com/bigquery/docs/reference/rest/v2/rowAccessPolicies), so it'll likely translate to a new resource in the Terraform provider. As mentioned, there is no official API to manage RowAccessPolicy at the time. The standard procedure would be to make the API available first before adding it to the provider. Since it's possible to manage it using DDL statement today, it may be possible to implement the new Terraform resource in such a way that behind the scenes we just execute the DDL statement instead of calling an API, but it's generally not ideal as e.g. it requires careful surface design to be as forward-compatible as possible to match the potential API surface when an API does become available, and it requires the user to have IAM permission for e.g. jobs.create for now to run the BigQuery Job but the actual rowAccessPolicies.create permission in the future, and the transition may break users. If using the Job resource separately unblocks you, I'd suggest doing that for now.
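The Job-resource workaround suggested in the comment above, as an added example that is not part of the thread or the provider's own code. The project, dataset, table, group and policy names are placeholders, and the identity running Terraform is assumed to hold the jobs.create permission mentioned above.

```hcl
# Constructed example: every name below is a placeholder.
locals {
  # DDL that creates the row access policy. CREATE OR REPLACE keeps the
  # statement safe to run again when the filter or grantee list changes.
  policy_ddl = <<-SQL
    CREATE OR REPLACE ROW ACCESS POLICY us_sales_only
    ON `my-project.sales.orders`
    GRANT TO ("group:us-sales@example.com")
    FILTER USING (region = "US")
  SQL
}

resource "google_bigquery_job" "row_access_policy" {
  project  = "my-project"
  location = "US"

  # BigQuery job IDs cannot be reused. Deriving the ID from a hash of the
  # DDL means an edited policy is submitted as a new job.
  job_id = "rls-us-sales-only-${substr(sha256(local.policy_ddl), 0, 12)}"

  query {
    query          = local.policy_ddl
    use_legacy_sql = false

    # The provider documentation requires clearing both dispositions for
    # DML statements; this example assumes the same is needed for DDL,
    # since the provider defaults do not apply to a statement with no
    # destination table.
    create_disposition = ""
    write_disposition  = ""
  }
}
```

Terraform tracks only the job here, not the policy: removing the resource does not drop the policy, which needs its own DROP ROW ACCESS POLICY statement. Policy changes made outside Terraform are likewise not detected as drift.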
There is now work underway to support managing Row Level Security Policies through the API which will unblock adding support for this resource in Terraform. A tentative timeline for availability is Q4. Please continue to follow this bug for updates.
@wj-chen is there any source that you can link here for others to view the ETA or completion? I can't find anything in their public issue webpage or anywhere else.
Description
I can't seem to find any documentation or resources for BigQuery's Row Level Security. Do existing resources provide for this already, or does a new resource or a modification of an existing resource need to be crafted?
The only workaround to this seems to be to create a BigQuery Job to add the permissions.
New or Affected Resource(s)
Potential Terraform Configuration
References
https://cloud.google.com/bigquery/docs/managing-row-level-security#create-policy
b/328133777