22
33This module allows managing [ Data Catalog Tag Templates] ( https://cloud.google.com/data-catalog/docs/tags-and-tag-templates ) .
44
5- ## Examples
5+ <!-- BEGIN TOC -->
6+ - [ Simple Tag Template] ( #simple-tag-template )
7+ - [ Tag Template with IAM] ( #tag-template-with-iam )
8+ - [ Factory] ( #factory )
9+ - [ Variables] ( #variables )
10+ - [ Outputs] ( #outputs )
11+ <!-- END TOC -->
612
7- ### Simple Tag Template
13+ ## Simple Tag Template
814
915``` hcl
1016module "data-catalog-tag-template" {
1117 source = "./fabric/modules/data-catalog-tag-template"
1218 project_id = "my-project"
19+ region = "europe-west1"
1320 tag_templates = {
1421 demo_var = {
15- region = "europe-west1"
1622 display_name = "Demo Tag Template"
1723 fields = {
1824 source = {
1925 display_name = "Source of data asset"
26+ is_required = true
2027 type = {
2128 primitive_type = "STRING"
2229 }
23- is_required = true
2430 }
2531 }
2632 }
@@ -29,142 +35,68 @@ module "data-catalog-tag-template" {
2935# tftest modules=1 resources=1
3036```
3137
32- ### Tag Template with IAM
38+ ## Tag Template with IAM
3339
34- ``` hcl
35- module "data-catalog-tag-template" {
36- source = "./fabric/modules/data-catalog-tag-template"
37- project_id = "my-project"
38- tag_templates = {
39- demo_var = {
40- region = "europe-west1"
41- display_name = "Demo Tag Template"
42- fields = {
43- source = {
44- display_name = "Source of data asset"
45- type = {
46- primitive_type = "STRING"
47- }
48- is_required = true
49- }
50- }
51- }
52- }
53- iam = {
54- "roles/datacatalog.tagTemplateOwner" = ["group:[email protected] "] 55- "roles/datacatalog.tagTemplateUser" = ["group:[email protected] "] 56- }
57- }
58- # tftest modules=1 resources=3
59- ```
40+ The module conforms to our standard IAM interface and implements the ` iam ` , ` iam_bindings ` and ` iam_bindings_additive ` variables.
6041
6142``` hcl
6243module "data-catalog-tag-template" {
6344 source = "./fabric/modules/data-catalog-tag-template"
64- project_id = var.project_id
65- tag_templates = {
66- demo_var = {
67- region = "europe-west1"
68- display_name = "Demo Tag Template"
69- fields = {
70- source = {
71- display_name = "Source of data asset"
72- type = {
73- primitive_type = "STRING"
74- }
75- is_required = true
76- }
77- }
78- }
79- }
80- iam_bindings = {
81- admin-with-delegated_roles = {
82- role = "roles/datacatalog.tagTemplateOwner"
83- members = ["group:[email protected] "] 84- condition = {
85- title = "delegated-role-grants"
86- expression = format(
87- "api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([%s])",
88- join(",", formatlist("'%s'",
89- [
90- "roles/datacatalog.tagTemplateOwner"
91- ]
92- ))
93- )
94- }
95- }
96- }
97- }
98- # tftest modules=1 resources=2
99- ```
100-
101- ``` hcl
102- module "data-catalog-tag-template" {
103- source = "./fabric/modules/data-catalog-tag-template"
104- project_id = var.project_id
45+ project_id = "my-project"
46+ region = "europe-west1"
10547 tag_templates = {
10648 demo_var = {
107- region = "europe-west1"
10849 display_name = "Demo Tag Template"
50+ is_required = true
10951 fields = {
11052 source = {
11153 display_name = "Source of data asset"
11254 type = {
11355 primitive_type = "STRING"
11456 }
115- is_required = true
11657 }
11758 }
118- }
119- }
120- iam_bindings_additive = {
121- admin-with-delegated_roles = {
122- role = "roles/datacatalog.tagTemplateOwner"
123- member = "group:[email protected] " 124- condition = {
125- title = "delegated-role-grants"
126- expression = format(
127- "api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([%s])",
128- join(",", formatlist("'%s'",
129- [
130- "roles/datacatalog.tagTemplateOwner"
131- ]
132- ))
133- )
59+ iam = {
60+ "roles/datacatalog.tagTemplateOwner" = [
61+ 62+ ]
63+ "roles/datacatalog.tagTemplateUser" = [
64+ 65+ ]
13466 }
13567 }
13668 }
13769}
138- # tftest modules=1 resources=2
70+ # tftest modules=1 resources=3
13971```
14072
141- ### Factory
73+ ## Factory
14274
14375Similarly to other modules, a rules factory (see [ Resource Factories] ( ../../blueprints/factories/ ) ) is also included here to allow tag template management via descriptive configuration files.
14476
145- Factory configuration is via one optional attributes in the ` factory_config_path ` variable specifying the path where tag template files are stored.
77+ Factory configuration is done via a single optional attribute in the ` factory_config_path ` variable specifying the path where tag template files are stored.
14678
147- Factory tag templates are merged with rules declared in code, with the latter taking precedence where both use the same key.
79+ Factory tag templates are merged with rules declared in code, with the latter taking precedence if both use the same key.
14880
149- The name of the file will be used as ` tag_template_id ` field.
81+ The name of the file will be used as the ` tag_template_id ` field.
15082
15183This is an example of a simple factory:
15284
15385``` hcl
15486module "data-catalog-tag-template" {
15587 source = "./fabric/modules/data-catalog-tag-template"
15688 project_id = "my-project"
89+ region = "europe-west1"
15790 tag_templates = {
15891 demo_var = {
159- region = "europe-west1"
16092 display_name = "Demo Tag Template"
16193 fields = {
16294 source = {
16395 display_name = "Source of data asset"
96+ is_required = true
16497 type = {
16598 primitive_type = "STRING"
16699 }
167- is_required = true
168100 }
169101 }
170102 }
@@ -179,18 +111,17 @@ module "data-catalog-tag-template" {
179111``` yaml
180112# tftest-file id=demo_tag path=data/demo.yaml
181113
182- region : europe-west2
183114display_name : Demo Tag Template
184115fields :
185116 source :
186117 display_name : Source of data asset
118+ is_required : true
187119 type :
188120 primitive_type : STRING
189- is_required : true
190121 pii_type :
191122 display_name : PII type
192123 type :
193- enum_type :
124+ enum_type_values :
194125 - EMAIL
195126 - SOCIAL SECURITY NUMBER
196127 - NONE
@@ -200,17 +131,15 @@ fields:
200131
201132| name | description | type | required | default |
202133|---|---|:---:|:---:|:---:|
203- | [project_id](variables.tf#L62) | Id of the project where Tag Templates will be created. | <code>string</code> | ✓ | |
134+ | [project_id](variables.tf#L26) | Id of the project where Tag Templates will be created. | <code>string</code> | ✓ | |
135+ | [region](variables.tf#L31) | Default region for tag templates. | <code>string</code> | ✓ | |
204136| [factories_config](variables.tf#L17) | Paths to data files and folders that enable factory functionality. | <code title="object({ tag_templates = optional(string) })">object({…})</code> | | <code>{}</code> |
205- | [iam](variables.tf#L26) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
206- | [iam_bindings](variables.tf#L32) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | <code title="map(object({ members = list(string) role = string condition = optional(object({ expression = string title = string description = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> |
207- | [iam_bindings_additive](variables.tf#L47) | Individual additive IAM bindings. Keys are arbitrary. | <code title="map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> |
208- | [tag_templates](variables.tf#L67) | Tag templates definitions in the form {TAG_TEMPLATE_ID => TEMPLATE_DEFINITION}. | <code title="map(object({ display_name = optional(string) force_delete = optional(bool, false) region = string fields = map(object({ display_name = optional(string) description = optional(string) type = object({ primitive_type = optional(string) enum_type = optional(list(object({ allowed_values = object({ display_name = string }) })), null) }) is_required = optional(bool, false) order = optional(number) })) }))">map(object({…}))</code> | | <code>{}</code> |
137+ | [tag_templates](variables.tf#L36) | Tag templates definitions in the form {TAG_TEMPLATE_ID => TEMPLATE_DEFINITION}. | <code title="map(object({ display_name = optional(string) force_delete = optional(bool, false) region = optional(string) fields = map(object({ display_name = optional(string) description = optional(string) is_required = optional(bool, false) order = optional(number) type = object({ primitive_type = optional(string) enum_type_values = optional(list(string)) }) })) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ members = list(string) role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">map(object({…}))</code> | | <code>{}</code> |
209138
210139## Outputs
211140
212141| name | description | sensitive |
213142|---|---|:---:|
214143| [data_catalog_tag_template_ids](outputs.tf#L17) | Data catalog tag template ids. | |
215- | [data_catalog_tag_templates](outputs.tf#L22 ) | Data catalog tag templates. | |
144+ | [data_catalog_tag_templates](outputs.tf#L25 ) | Data catalog tag templates. | |
216145<!-- END TFDOC -->
0 commit comments