import * as pulumi from "@pulumi/pulumi";
/**
 * Represents access on a subset of rows on the specified table, defined by its filter predicate. Access to the subset of rows is controlled by its IAM policy.
 *
 * ## Example Usage
 *
 * ### Bigquery Row Access Policy Basic
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const example = new gcp.bigquery.Dataset("example", {
 *     datasetId: "dataset_id",
 *     location: "US",
 * });
 * const exampleTable = new gcp.bigquery.Table("example", {
 *     deletionProtection: false,
 *     schema: `[
 *   {
 *     "name": "nullable_field",
 *     "type": "STRING"
 *   }
 * ]
 * `,
 *     datasetId: example.datasetId,
 *     tableId: "table_id",
 * });
 * const exampleRowAccessPolicy = new gcp.bigquery.RowAccessPolicy("example", {
 *     datasetId: example.datasetId,
 *     tableId: exampleTable.tableId,
 *     policyId: "policy_id",
 *     filterPredicate: "nullable_field is not NULL",
 *     grantees: ["domain:google.com"],
 * });
 * ```
 *
 * ## Import
 *
 * RowAccessPolicy can be imported using any of these accepted formats:
 *
 * * `projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}/rowAccessPolicies/{{policy_id}}`
 * * `{{project}}/{{dataset_id}}/{{table_id}}/{{policy_id}}`
 * * `{{dataset_id}}/{{table_id}}/{{policy_id}}`
 *
 * When using the `pulumi import` command, RowAccessPolicy can be imported using one of the formats above. For example:
 *
 * ```sh
 * $ pulumi import gcp:bigquery/rowAccessPolicy:RowAccessPolicy default projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}/rowAccessPolicies/{{policy_id}}
 * $ pulumi import gcp:bigquery/rowAccessPolicy:RowAccessPolicy default {{project}}/{{dataset_id}}/{{table_id}}/{{policy_id}}
 * $ pulumi import gcp:bigquery/rowAccessPolicy:RowAccessPolicy default {{dataset_id}}/{{table_id}}/{{policy_id}}
 * ```
 */
export declare class RowAccessPolicy extends pulumi.CustomResource {
    /**
     * Get an existing RowAccessPolicy resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @returns The RowAccessPolicy resource object for the looked-up policy.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RowAccessPolicyState, opts?: pulumi.CustomResourceOptions): RowAccessPolicy;
    /**
     * Returns true if the given object is an instance of RowAccessPolicy.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * @param obj The value to test; any value is accepted.
     */
    static isInstance(obj: any): obj is RowAccessPolicy;
    /**
     * The time when this row access policy was created, in milliseconds since
     * the epoch. Exposed as a string, not a number.
     */
    readonly creationTime: pulumi.Output<string>;
    /**
     * The ID of the dataset containing this row access policy.
     */
    readonly datasetId: pulumi.Output<string>;
    /**
     * Controls what happens when a destroy or update would delete this resource.
     * Defaults to DELETE. (The wording below mentions Terraform; it appears to be
     * inherited from the upstream provider documentation.)
     * When a 'terraform destroy' or 'pulumi up' would delete the resource,
     * the command will fail if this field is set to "PREVENT" in Terraform state.
     * When set to "ABANDON", the command will remove the resource from Terraform
     * management without updating or deleting the resource in the API.
     * When set to "DELETE", deleting the resource is allowed.
     *
     * Security note: with "ABANDON" the policy is left in place in the API, so it
     * continues to exist on the table after it stops being managed here. Track
     * abandoned policies some other way so that they are still reviewed.
     */
    readonly deletionPolicy: pulumi.Output<string>;
    /**
     * A SQL boolean expression that represents the rows defined by this row
     * access policy, similar to the boolean expression in a WHERE clause of a
     * SELECT query on a table.
     * References to other tables, routines, and temporary functions are not
     * supported.
     * Examples: region="EU"
     * dateField = CAST('2019-9-27' as DATE)
     * nullableField is not NULL
     * numericField BETWEEN 1.0 AND 5.0
     *
     * Security note: this expression decides which rows the policy covers, so a
     * change to it is an access-control change and should be reviewed as one.
     * NOTE(review): BigQuery is understood to hide every row from principals that
     * no policy on the table covers once the table has at least one row access
     * policy; confirm against the BigQuery documentation before rollout.
     */
    readonly filterPredicate: pulumi.Output<string>;
    /**
     * Input only. The optional list of iamMember users or groups that specifies the initial
     * members that the row-level access policy should be created with.
     * grantees types:
     * - "user:alice@example.com": An email address that represents a specific
     * Google account.
     * - "serviceAccount:my-other-app@appspot.gserviceaccount.com": An email
     * address that represents a service account.
     * - "group:admins@example.com": An email address that represents a Google
     * group.
     * - "domain:example.com": The Google Workspace domain (primary) that
     * represents all the users of that domain.
     * - "allAuthenticatedUsers": A special identifier that represents all service
     * accounts and all users on the internet who have authenticated with a Google
     * Account. This identifier includes accounts that aren't connected to a
     * Google Workspace or Cloud Identity domain, such as personal Gmail accounts.
     * Users who aren't authenticated, such as anonymous visitors, aren't
     * included.
     * - "allUsers": A special identifier that represents anyone who is on
     * the internet, including authenticated and unauthenticated users. Because
     * BigQuery requires authentication before a user can access the service,
     * allUsers includes only authenticated users.
     *
     * Security note: "domain:", "allAuthenticatedUsers" and "allUsers" each name a
     * large audience; per the descriptions above, the last two reach accounts
     * outside the organization. Prefer specific user, group or serviceAccount
     * entries and review any broader grantee deliberately.
     * NOTE(review): because this field is input only and sets the initial members,
     * the value seen here presumably does not track later changes to the policy's
     * IAM policy; check the IAM policy itself when auditing who has access.
     */
    readonly grantees: pulumi.Output<string[] | undefined>;
    /**
     * The time when this row access policy was last modified, in milliseconds
     * since the epoch. Exposed as a string, not a number.
     */
    readonly lastModifiedTime: pulumi.Output<string>;
    /**
     * The ID of the row access policy. The ID must contain only
     * letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum
     * length is 256 characters.
     */
    readonly policyId: pulumi.Output<string>;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    readonly project: pulumi.Output<string>;
    /**
     * The ID of the table containing this row access policy.
     */
    readonly tableId: pulumi.Output<string>;
    /**
     * Create a RowAccessPolicy resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: RowAccessPolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering RowAccessPolicy resources.
 */
export interface RowAccessPolicyState {
    // Every property in this interface is optional.
    /**
     * The time when this row access policy was created, in milliseconds since
     * the epoch. Typed as a string, not a number.
     */
    creationTime?: pulumi.Input<string | undefined>;
    /**
     * The ID of the dataset containing this row access policy.
     */
    datasetId?: pulumi.Input<string | undefined>;
    /**
     * Controls what happens when a destroy or update would delete this resource.
     * Defaults to DELETE. (The wording below mentions Terraform; it appears to be
     * inherited from the upstream provider documentation.)
     * When a 'terraform destroy' or 'pulumi up' would delete the resource,
     * the command will fail if this field is set to "PREVENT" in Terraform state.
     * When set to "ABANDON", the command will remove the resource from Terraform
     * management without updating or deleting the resource in the API.
     * When set to "DELETE", deleting the resource is allowed.
     *
     * Security note: "ABANDON" leaves the policy in place in the API while it is
     * no longer managed here, so it needs to be tracked and reviewed elsewhere.
     */
    deletionPolicy?: pulumi.Input<string | undefined>;
    /**
     * A SQL boolean expression that represents the rows defined by this row
     * access policy, similar to the boolean expression in a WHERE clause of a
     * SELECT query on a table.
     * References to other tables, routines, and temporary functions are not
     * supported.
     * Examples: region="EU"
     * dateField = CAST('2019-9-27' as DATE)
     * nullableField is not NULL
     * numericField BETWEEN 1.0 AND 5.0
     *
     * Security note: this expression decides which rows the policy covers; treat
     * any difference from the expected predicate as an access-control finding.
     */
    filterPredicate?: pulumi.Input<string | undefined>;
    /**
     * Input only. The optional list of iamMember users or groups that specifies the initial
     * members that the row-level access policy should be created with.
     * grantees types:
     * - "user:alice@example.com": An email address that represents a specific
     * Google account.
     * - "serviceAccount:my-other-app@appspot.gserviceaccount.com": An email
     * address that represents a service account.
     * - "group:admins@example.com": An email address that represents a Google
     * group.
     * - "domain:example.com": The Google Workspace domain (primary) that
     * represents all the users of that domain.
     * - "allAuthenticatedUsers": A special identifier that represents all service
     * accounts and all users on the internet who have authenticated with a Google
     * Account. This identifier includes accounts that aren't connected to a
     * Google Workspace or Cloud Identity domain, such as personal Gmail accounts.
     * Users who aren't authenticated, such as anonymous visitors, aren't
     * included.
     * - "allUsers": A special identifier that represents anyone who is on
     * the internet, including authenticated and unauthenticated users. Because
     * BigQuery requires authentication before a user can access the service,
     * allUsers includes only authenticated users.
     *
     * NOTE(review): this field is input only and describes the initial members,
     * so it is presumably not a reliable record of who currently has access;
     * audit the policy's IAM policy rather than this value.
     */
    grantees?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * The time when this row access policy was last modified, in milliseconds
     * since the epoch. Typed as a string, not a number.
     */
    lastModifiedTime?: pulumi.Input<string | undefined>;
    /**
     * The ID of the row access policy. The ID must contain only
     * letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum
     * length is 256 characters.
     */
    policyId?: pulumi.Input<string | undefined>;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    project?: pulumi.Input<string | undefined>;
    /**
     * The ID of the table containing this row access policy.
     */
    tableId?: pulumi.Input<string | undefined>;
}
/**
 * The set of arguments for constructing a RowAccessPolicy resource.
 */
export interface RowAccessPolicyArgs {
    // Required: datasetId, tableId, policyId and filterPredicate. The rest are optional.
    /**
     * The ID of the dataset containing this row access policy. Required.
     */
    datasetId: pulumi.Input<string>;
    /**
     * Controls what happens when a destroy or update would delete this resource.
     * Defaults to DELETE. (The wording below mentions Terraform; it appears to be
     * inherited from the upstream provider documentation.)
     * When a 'terraform destroy' or 'pulumi up' would delete the resource,
     * the command will fail if this field is set to "PREVENT" in Terraform state.
     * When set to "ABANDON", the command will remove the resource from Terraform
     * management without updating or deleting the resource in the API.
     * When set to "DELETE", deleting the resource is allowed.
     *
     * Security note: choose "ABANDON" deliberately. The policy stays in the API
     * after it is dropped from management, so nothing in this program will
     * remove or update it afterwards.
     */
    deletionPolicy?: pulumi.Input<string | undefined>;
    /**
     * A SQL boolean expression that represents the rows defined by this row
     * access policy, similar to the boolean expression in a WHERE clause of a
     * SELECT query on a table. Required.
     * References to other tables, routines, and temporary functions are not
     * supported.
     * Examples: region="EU"
     * dateField = CAST('2019-9-27' as DATE)
     * nullableField is not NULL
     * numericField BETWEEN 1.0 AND 5.0
     *
     * Security note: this string is the row-level authorization rule. Keep it a
     * reviewed constant or build it only from trusted configuration; a predicate
     * that is broader than intended exposes rows to every grantee.
     * NOTE(review): BigQuery is understood to hide every row from principals that
     * no policy on the table covers once the table has at least one row access
     * policy; confirm this before adding the first policy to a table in use.
     */
    filterPredicate: pulumi.Input<string>;
    /**
     * Input only. The optional list of iamMember users or groups that specifies the initial
     * members that the row-level access policy should be created with.
     * grantees types:
     * - "user:alice@example.com": An email address that represents a specific
     * Google account.
     * - "serviceAccount:my-other-app@appspot.gserviceaccount.com": An email
     * address that represents a service account.
     * - "group:admins@example.com": An email address that represents a Google
     * group.
     * - "domain:example.com": The Google Workspace domain (primary) that
     * represents all the users of that domain.
     * - "allAuthenticatedUsers": A special identifier that represents all service
     * accounts and all users on the internet who have authenticated with a Google
     * Account. This identifier includes accounts that aren't connected to a
     * Google Workspace or Cloud Identity domain, such as personal Gmail accounts.
     * Users who aren't authenticated, such as anonymous visitors, aren't
     * included.
     * - "allUsers": A special identifier that represents anyone who is on
     * the internet, including authenticated and unauthenticated users. Because
     * BigQuery requires authentication before a user can access the service,
     * allUsers includes only authenticated users.
     *
     * Security note: "domain:", "allAuthenticatedUsers" and "allUsers" each name a
     * large audience; per the descriptions above, the last two reach accounts
     * outside the organization. Prefer specific user, group or serviceAccount
     * entries, and require explicit review for anything broader.
     */
    grantees?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * The ID of the row access policy. Required. The ID must contain only
     * letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum
     * length is 256 characters.
     */
    policyId: pulumi.Input<string>;
    /**
     * The ID of the project in which the resource belongs.
     * If it is not provided, the provider project is used.
     */
    project?: pulumi.Input<string | undefined>;
    /**
     * The ID of the table containing this row access policy. Required.
     */
    tableId: pulumi.Input<string>;
}
//# sourceMappingURL=rowAccessPolicy.d.ts.map