1# Copyright 2022 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: core.cnrm.cloud.google.com/v1alpha1
16kind: ServiceMapping
17metadata:
18 name: bigquery.cnrm.cloud.google.com
19 namespace: cnrm-system
20spec:
21 name: BigQuery
22 version: v1beta1
23 serviceHostName: "bigquery.googleapis.com"
24 resources:
25 - name: google_bigquery_dataset
26 kind: BigQueryDataset
27 idTemplate: "projects/{{project}}/datasets/{{dataset_id}}"
28 idTemplateCanBeUsedToMatchResourceName: true
29 resourceAvailableInAssetInventory: true
30 metadataMapping:
31 name: dataset_id
32 labels: labels
33 resourceID:
34 targetField: dataset_id
35 containers:
36 - type: project
37 tfField: project
38 hierarchicalReferences:
39 - type: project
40 key: projectRef
41 directives:
42 - delete_contents_on_destroy
43 ignoredFields:
44 # TODO(b/263163112): Support the reference to BigQueryRoutine.
45 - access.routine
46 resourceReferences:
47 - key: projectRef
48 tfField: project
49 description: |-
50 The project that this resource belongs to.
51 gvk:
52 kind: Project
53 version: v1beta1
54 group: resourcemanager.cnrm.cloud.google.com
55 - tfField: default_encryption_configuration.kms_key_name
56 description: |-
57 Describes the Cloud KMS encryption key that will be used to protect destination
58 BigQuery table. The BigQuery Service Account associated with your project requires
59 access to this encryption key.
60 key: kmsKeyRef
61 gvk:
62 kind: KMSCryptoKey
63 version: v1beta1
64 group: kms.cnrm.cloud.google.com
65 targetField: self_link
66 - name: google_bigquery_job
67 kind: BigQueryJob
68 idTemplate: "projects/{{project}}/jobs/{{job_id}}"
69 idTemplateCanBeUsedToMatchResourceName: true
70 resourceAvailableInAssetInventory: false
71 metadataMapping:
72 name: job_id
73 labels: labels
74 resourceID:
75 targetField: job_id
76 containers:
77 - type: project
78 tfField: project
79 resourceReferences:
80 - key: tableRef
81 tfField: copy.source_tables.table_id
82 description: |-
83 A reference to the table.
84 gvk:
85 kind: BigQueryTable
86 version: v1beta1
87 group: bigquery.cnrm.cloud.google.com
88 targetField: self_link
89 - key: tableRef
90 tfField: copy.destination_table.table_id
91 description: |-
92 A reference to the table.
93 gvk:
94 kind: BigQueryTable
95 version: v1beta1
96 group: bigquery.cnrm.cloud.google.com
97 targetField: self_link
98 - key: tableRef
99 tfField: extract.source_table.table_id
100 description: |-
101 A reference to the table.
102 gvk:
103 kind: BigQueryTable
104 version: v1beta1
105 group: bigquery.cnrm.cloud.google.com
106 targetField: self_link
107 - key: tableRef
108 tfField: load.destination_table.table_id
109 description: |-
110 A reference to the table.
111 gvk:
112 kind: BigQueryTable
113 version: v1beta1
114 group: bigquery.cnrm.cloud.google.com
115 targetField: self_link
116 - key: datasetRef
117 tfField: query.default_dataset.dataset_id
118 description: |-
119 A reference to the dataset.
120 gvk:
121 kind: BigQueryDataset
122 version: v1beta1
123 group: bigquery.cnrm.cloud.google.com
124 targetField: self_link
125 - key: tableRef
126 tfField: query.destination_table.table_id
127 description: |-
128 A reference to the table.
129 gvk:
130 kind: BigQueryTable
131 version: v1beta1
132 group: bigquery.cnrm.cloud.google.com
133 targetField: self_link
134 - key: kmsKeyRef
135 tfField: copy.destination_encryption_configuration.kms_key_name
136 description: |-
137 Describes the Cloud KMS encryption key that will be used to protect
138 destination BigQuery table. The BigQuery Service Account associated
139 with your project requires access to this encryption key.
140 gvk:
141 kind: KMSCryptoKey
142 version: v1beta1
143 group: kms.cnrm.cloud.google.com
144 targetField: self_link
145 - key: kmsKeyRef
146 tfField: load.destination_encryption_configuration.kms_key_name
147 description: |-
148 Describes the Cloud KMS encryption key that will be used to protect
149 destination BigQuery table. The BigQuery Service Account associated
150 with your project requires access to this encryption key.
151 gvk:
152 kind: KMSCryptoKey
153 version: v1beta1
154 group: kms.cnrm.cloud.google.com
155 targetField: self_link
156 - key: kmsKeyRef
157 tfField: query.destination_encryption_configuration.kms_key_name
158 description: |-
159 Describes the Cloud KMS encryption key that will be used to protect
160 destination BigQuery table. The BigQuery Service Account associated
161 with your project requires access to this encryption key.
162 gvk:
163 kind: KMSCryptoKey
164 version: v1beta1
165 group: kms.cnrm.cloud.google.com
166 targetField: self_link
167 ignoredFields:
168 - copy.source_tables.project_id
169 - copy.source_tables.dataset_id
170 - copy.destination_table.project_id
171 - copy.destination_table.dataset_id
172 - extract.source_table.project_id
173 - extract.source_table.dataset_id
174 - load.destination_table.project_id
175 - load.destination_table.dataset_id
176 - query.default_dataset.project_id
177 - query.destination_table.project_id
178 - query.destination_table.dataset_id
179 # TODO(kcc-eng): omit support for references to BigQuery ML Models for
180 # now since the reference field is broken up into three fields, whereas
181 # KCC resource references need to be able to map to a single TF field.
182 # We could change one of the three fields to be able to accept a
183 # self_link to a BigQuery ML Model and then make the other two fields
184 # optional, making it possible for us to just drop the other two
185 # fields. This is the approach we took for table and dataset
186 # references. However, BigQuery ML Models don't seem to have a selfLink
187 # attribute today (source: cloud.google.com/bigquery/docs/reference/rest/v2/models).
188 - extract.source_model
189 - name: google_bigquery_table
190 kind: BigQueryTable
191 idTemplate: "projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}"
192 idTemplateCanBeUsedToMatchResourceName: true
193 resourceAvailableInAssetInventory: true
194 metadataMapping:
195 name: table_id
196 labels: labels
197 resourceID:
198 targetField: table_id
199 iamConfig:
200 policyName: google_bigquery_table_iam_policy
201 policyMemberName: google_bigquery_table_iam_member
202 referenceField:
203 name: table_id
204 type: name
205 supportsConditions: true
206 ignoredFields:
207 - deletion_protection
208 resourceReferences:
209 - key: datasetRef
210 tfField: dataset_id
211 gvk:
212 kind: BigQueryDataset
213 version: v1beta1
214 group: bigquery.cnrm.cloud.google.com
215 - tfField: encryption_configuration.kms_key_name
216 key: kmsKeyRef
217 gvk:
218 kind: KMSCryptoKey
219 version: v1beta1
220 group: kms.cnrm.cloud.google.com
221 targetField: self_link
222 containers:
223 - type: project
224 tfField: project
View as plain text