data-catalog-tag-template

Google Cloud Data Catalog Tag Template Module

This module allows managing Data Catalog Tag Templates.

Examples

Simple Tag Template

module "data-catalog-tag-template" {
  source     = "./fabric/modules/data-catalog-tag-template"
  project_id = "my-project"
  tag_templates = {
    demo_var = {
      region       = "europe-west1"
      display_name = "Demo Tag Template"
      fields = {
        source = {
          display_name = "Source of data asset"
          type = {
            primitive_type = "STRING"
          }
          is_required = true
        }
      }
    }
  }
}
# tftest modules=1 resources=1

Tag Template with IAM

module "data-catalog-tag-template" {
  source     = "./fabric/modules/data-catalog-tag-template"
  project_id = "my-project"
  tag_templates = {
    demo_var = {
      region       = "europe-west1"
      display_name = "Demo Tag Template"
      fields = {
        source = {
          display_name = "Source of data asset"
          type = {
            primitive_type = "STRING"
          }
          is_required = true
        }
      }
    }
  }
  iam = {
    "roles/datacatalog.tagTemplateOwner" = ["group:[email protected]"]
    "roles/datacatalog.tagTemplateUser"  = ["group:[email protected]"]
  }
}
# tftest modules=1 resources=3

module "data-catalog-tag-template" {
  source     = "./fabric/modules/data-catalog-tag-template"
  project_id = var.project_id
  tag_templates = {
    demo_var = {
      region       = "europe-west1"
      display_name = "Demo Tag Template"
      fields = {
        source = {
          display_name = "Source of data asset"
          type = {
            primitive_type = "STRING"
          }
          is_required = true
        }
      }
    }
  }
  iam_bindings = {
    admin-with-delegated_roles = {
      role    = "roles/datacatalog.tagTemplateOwner"
      members = ["group:[email protected]"]
      condition = {
        title = "delegated-role-grants"
        expression = format(
          "api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([%s])",
          join(",", formatlist("'%s'",
            [
              "roles/datacatalog.tagTemplateOwner"
            ]
          ))
        )
      }
    }
  }
}
# tftest modules=1 resources=2

module "data-catalog-tag-template" {
  source     = "./fabric/modules/data-catalog-tag-template"
  project_id = var.project_id
  tag_templates = {
    demo_var = {
      region       = "europe-west1"
      display_name = "Demo Tag Template"
      fields = {
        source = {
          display_name = "Source of data asset"
          type = {
            primitive_type = "STRING"
          }
          is_required = true
        }
      }
    }
  }
  iam_bindings_additive = {
    admin-with-delegated_roles = {
      role   = "roles/datacatalog.tagTemplateOwner"
      member = "group:[email protected]"
      condition = {
        title = "delegated-role-grants"
        expression = format(
          "api.getAttribute('iam.googleapis.com/modifiedGrantsByRole', []).hasOnly([%s])",
          join(",", formatlist("'%s'",
            [
              "roles/datacatalog.tagTemplateOwner"
            ]
          ))
        )
      }
    }
  }
}
# tftest modules=1 resources=2

Factory

Similarly to other modules, a rules factory (see Resource Factories) is also included here to allow tag template management via descriptive configuration files.

Factory configuration is via one optional attributes in the factory_config_path variable specifying the path where tag template files are stored.

Factory tag templates are merged with rules declared in code, with the latter taking precedence where both use the same key.

The name of the file will be used as tag_template_id field.

This is an example of a simple factory:

module "data-catalog-tag-template" {
  source     = "./fabric/modules/data-catalog-tag-template"
  project_id = "my-project"
  tag_templates = {
    demo_var = {
      region       = "europe-west1"
      display_name = "Demo Tag Template"
      fields = {
        source = {
          display_name = "Source of data asset"
          type = {
            primitive_type = "STRING"
          }
          is_required = true
        }
      }
    }
  }
  factories_config = {
    tag_templates = "data"
  }
}
# tftest modules=1 resources=2 files=demo_tag

# tftest-file id=demo_tag path=data/demo.yaml

region: europe-west2
display_name: Demo Tag Template
fields:
  source:
      display_name: Source of data asset
      type:
        primitive_type: STRING
      is_required: true
  pii_type:
      display_name: PII type
      type:
        enum_type:
          - EMAIL
          - SOCIAL SECURITY NUMBER
          - NONE

Variables

name	description	type	required	default
project_id	Id of the project where Tag Templates will be created.	string	✓
factories_config	Paths to data files and folders that enable factory functionality.	object({…})		{}
iam	IAM bindings in {ROLE => [MEMBERS]} format.	map(list(string))		{}
iam_bindings	Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary.	map(object({…}))		{}
iam_bindings_additive	Individual additive IAM bindings. Keys are arbitrary.	map(object({…}))		{}
tag_templates	Tag templates definitions in the form {TAG_TEMPLATE_ID => TEMPLATE_DEFINITION}.	map(object({…}))		{}

Outputs

name	description	sensitive
data_catalog_tag_template_ids	Data catalog tag template ids.
data_catalog_tag_templates	Data catalog tag templates.