import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * ## Example Usage * * ### Bigquery Dataset Access Basic User * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const dataset = new gcp.bigquery.Dataset("dataset", {datasetId: "example_dataset"}); * const bqowner = new gcp.serviceaccount.Account("bqowner", {accountId: "bqowner"}); * const access = new gcp.bigquery.DatasetAccess("access", { * datasetId: dataset.datasetId, * role: "OWNER", * userByEmail: bqowner.email, * }); * ``` * ### Bigquery Dataset Access View * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _private = new gcp.bigquery.Dataset("private", {datasetId: "example_dataset"}); * const _public = new gcp.bigquery.Dataset("public", {datasetId: "example_dataset2"}); * const publicTable = new gcp.bigquery.Table("public", { * deletionProtection: false, * datasetId: _public.datasetId, * tableId: "example_table", * view: { * query: "SELECT state FROM [lookerdata:cdc.project_tycho_reports]", * useLegacySql: false, * }, * }); * const access = new gcp.bigquery.DatasetAccess("access", { * datasetId: _private.datasetId, * view: { * projectId: publicTable.project, * datasetId: _public.datasetId, * tableId: publicTable.tableId, * }, * }); * ``` * ### Bigquery Dataset Access Authorized Dataset * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _private = new gcp.bigquery.Dataset("private", {datasetId: "private"}); * const _public = new gcp.bigquery.Dataset("public", {datasetId: "public"}); * const access = new gcp.bigquery.DatasetAccess("access", { * datasetId: _private.datasetId, * authorizedDataset: { * dataset: { * projectId: _public.project, * datasetId: _public.datasetId, * }, * targetTypes: ["VIEWS"], * }, * }); * ``` * ### Bigquery Dataset Access Authorized Routine * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const _public = new gcp.bigquery.Dataset("public", { * datasetId: "public_dataset", * description: "This dataset is public", * }); * const publicRoutine = new gcp.bigquery.Routine("public", { * datasetId: _public.datasetId, * routineId: "public_routine", * routineType: "TABLE_VALUED_FUNCTION", * language: "SQL", * definitionBody: "SELECT 1 + value AS value\n", * arguments: [{ * name: "value", * argumentKind: "FIXED_TYPE", * dataType: JSON.stringify({ * typeKind: "INT64", * }), * }], * returnTableType: JSON.stringify({ * columns: [{ * name: "value", * type: { * typeKind: "INT64", * }, * }], * }), * }); * const _private = new gcp.bigquery.Dataset("private", { * datasetId: "private_dataset", * description: "This dataset is private", * }); * const authorizedRoutine = new gcp.bigquery.DatasetAccess("authorized_routine", { * datasetId: _private.datasetId, * routine: { * projectId: publicRoutine.project, * datasetId: publicRoutine.datasetId, * routineId: publicRoutine.routineId, * }, * }); * ``` * * ## Import * * This resource does not support import. */ export declare class DatasetAccess extends pulumi.CustomResource { /** * Get an existing DatasetAccess resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: DatasetAccessState, opts?: pulumi.CustomResourceOptions): DatasetAccess; /** * Returns true if the given object is an instance of DatasetAccess. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is DatasetAccess; /** * If true, represents that that the iamMember in the config was translated to a different member type by the API, and is * stored in state as a different member type */ readonly apiUpdatedMember: pulumi.Output; /** * Grants all resources of particular types in a particular dataset read access to the current dataset. * Structure is documented below. */ readonly authorizedDataset: pulumi.Output; /** * Condition for the binding. If CEL expression in this field is true, this * access binding will be considered. * Structure is documented below. */ readonly condition: pulumi.Output; /** * A unique ID for this dataset, without the project name. The ID * must contain only letters (a-z, A-Z), numbers (0-9), or * underscores (_). The maximum length is 1,024 characters. * * * - - - */ readonly datasetId: pulumi.Output; /** * A domain to grant access to. Any users signed in with the * domain specified will be granted the specified access */ readonly domain: pulumi.Output; /** * An email address of a Google Group to grant access to. */ readonly groupByEmail: pulumi.Output; /** * Some other type of member that appears in the IAM Policy but isn't a user, * group, domain, or special group. For example: `allUsers` */ readonly iamMember: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * Describes the rights granted to the user specified by the other * member of the access object. Basic, predefined, and custom roles are * supported. Predefined roles that have equivalent basic roles are * swapped by the API to their basic counterparts, and will show a diff * post-create. See * [official docs](https://cloud.google.com/bigquery/docs/access-control). */ readonly role: pulumi.Output; /** * A routine from a different dataset to grant access to. Queries * executed against that routine will have read access to tables in * this dataset. The role field is not required when this field is * set. If that routine is updated by any user, access to the routine * needs to be granted again via an update operation. * Structure is documented below. */ readonly routine: pulumi.Output; /** * A special group to grant access to. Possible values include: * * `projectOwners`: Owners of the enclosing project. * * `projectReaders`: Readers of the enclosing project. * * `projectWriters`: Writers of the enclosing project. * * `allAuthenticatedUsers`: All authenticated BigQuery users. */ readonly specialGroup: pulumi.Output; /** * An email address of a user to grant access to. For example: * fred@example.com */ readonly userByEmail: pulumi.Output; /** * A view from a different dataset to grant access to. Queries * executed against that view will have read access to tables in * this dataset. The role field is not required when this field is * set. If that view is updated by any user, access to the view * needs to be granted again via an update operation. * Structure is documented below. */ readonly view: pulumi.Output; /** * Create a DatasetAccess resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: DatasetAccessArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering DatasetAccess resources. */ export interface DatasetAccessState { /** * If true, represents that that the iamMember in the config was translated to a different member type by the API, and is * stored in state as a different member type */ apiUpdatedMember?: pulumi.Input; /** * Grants all resources of particular types in a particular dataset read access to the current dataset. * Structure is documented below. */ authorizedDataset?: pulumi.Input; /** * Condition for the binding. If CEL expression in this field is true, this * access binding will be considered. * Structure is documented below. */ condition?: pulumi.Input; /** * A unique ID for this dataset, without the project name. The ID * must contain only letters (a-z, A-Z), numbers (0-9), or * underscores (_). The maximum length is 1,024 characters. * * * - - - */ datasetId?: pulumi.Input; /** * A domain to grant access to. Any users signed in with the * domain specified will be granted the specified access */ domain?: pulumi.Input; /** * An email address of a Google Group to grant access to. */ groupByEmail?: pulumi.Input; /** * Some other type of member that appears in the IAM Policy but isn't a user, * group, domain, or special group. For example: `allUsers` */ iamMember?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * Describes the rights granted to the user specified by the other * member of the access object. Basic, predefined, and custom roles are * supported. Predefined roles that have equivalent basic roles are * swapped by the API to their basic counterparts, and will show a diff * post-create. See * [official docs](https://cloud.google.com/bigquery/docs/access-control). */ role?: pulumi.Input; /** * A routine from a different dataset to grant access to. Queries * executed against that routine will have read access to tables in * this dataset. The role field is not required when this field is * set. If that routine is updated by any user, access to the routine * needs to be granted again via an update operation. * Structure is documented below. */ routine?: pulumi.Input; /** * A special group to grant access to. Possible values include: * * `projectOwners`: Owners of the enclosing project. * * `projectReaders`: Readers of the enclosing project. * * `projectWriters`: Writers of the enclosing project. * * `allAuthenticatedUsers`: All authenticated BigQuery users. */ specialGroup?: pulumi.Input; /** * An email address of a user to grant access to. For example: * fred@example.com */ userByEmail?: pulumi.Input; /** * A view from a different dataset to grant access to. Queries * executed against that view will have read access to tables in * this dataset. The role field is not required when this field is * set. If that view is updated by any user, access to the view * needs to be granted again via an update operation. * Structure is documented below. */ view?: pulumi.Input; } /** * The set of arguments for constructing a DatasetAccess resource. */ export interface DatasetAccessArgs { /** * Grants all resources of particular types in a particular dataset read access to the current dataset. * Structure is documented below. */ authorizedDataset?: pulumi.Input; /** * Condition for the binding. If CEL expression in this field is true, this * access binding will be considered. * Structure is documented below. */ condition?: pulumi.Input; /** * A unique ID for this dataset, without the project name. The ID * must contain only letters (a-z, A-Z), numbers (0-9), or * underscores (_). The maximum length is 1,024 characters. * * * - - - */ datasetId: pulumi.Input; /** * A domain to grant access to. Any users signed in with the * domain specified will be granted the specified access */ domain?: pulumi.Input; /** * An email address of a Google Group to grant access to. */ groupByEmail?: pulumi.Input; /** * Some other type of member that appears in the IAM Policy but isn't a user, * group, domain, or special group. For example: `allUsers` */ iamMember?: pulumi.Input; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * Describes the rights granted to the user specified by the other * member of the access object. Basic, predefined, and custom roles are * supported. Predefined roles that have equivalent basic roles are * swapped by the API to their basic counterparts, and will show a diff * post-create. See * [official docs](https://cloud.google.com/bigquery/docs/access-control). */ role?: pulumi.Input; /** * A routine from a different dataset to grant access to. Queries * executed against that routine will have read access to tables in * this dataset. The role field is not required when this field is * set. If that routine is updated by any user, access to the routine * needs to be granted again via an update operation. * Structure is documented below. */ routine?: pulumi.Input; /** * A special group to grant access to. Possible values include: * * `projectOwners`: Owners of the enclosing project. * * `projectReaders`: Readers of the enclosing project. * * `projectWriters`: Writers of the enclosing project. * * `allAuthenticatedUsers`: All authenticated BigQuery users. */ specialGroup?: pulumi.Input; /** * An email address of a user to grant access to. For example: * fred@example.com */ userByEmail?: pulumi.Input; /** * A view from a different dataset to grant access to. Queries * executed against that view will have read access to tables in * this dataset. The role field is not required when this field is * set. If that view is updated by any user, access to the view * needs to be granted again via an update operation. * Structure is documented below. */ view?: pulumi.Input; }