Add taxonomy and policy_tag resources to data_catalog product (#4076)

* Add taxonomy and policy tag resources to data analyitics product * add explaination of supported regions and fix policy tag reference * updated spelling, iam generation, and output only property: * removed explictly stating what is supported
GoogleCloudPlatform · Oct 21, 2020 · 78d65d5 · 78d65d5
1 parent 0e90634
commit 78d65d5
Show file tree

Hide file tree

Showing 7 changed files with 204 additions and 3 deletions.
diff --git a/products/datacatalog/api.yaml b/products/datacatalog/api.yaml
@@ -17,6 +17,9 @@ versions:
   - !ruby/object:Api::Product::Version
     name: ga
     base_url: https://datacatalog.googleapis.com/v1/
+  - !ruby/object:Api::Product::Version
+    name: beta
+    base_url: https://datacatalog.googleapis.com/v1beta1/
 scopes:
   - https://www.googleapis.com/auth/cloud-platform
 apis_required:
@@ -487,3 +490,121 @@ objects:
 
           For attaching a tag to a nested column, use `.` to separate the column names. Example:
           `outer_column.inner_column`
+  - !ruby/object:Api::Resource
+    name: Taxonomy
+    base_url: projects/{{project}}/locations/{{region}}/taxonomies
+    self_link: "{{name}}"
+    min_version: beta
+    update_verb: :PATCH
+    update_mask: true
+    description: |
+      A collection of policy tags that classify data along a common axis.
+    references: !ruby/object:Api::Resource::ReferenceLinks
+      guides:
+        'Official Documentation': https://cloud.google.com/data-catalog/docs
+      api: https://cloud.google.com/data-catalog/docs/reference/rest/v1beta1/projects.locations.taxonomies
+    iam_policy: !ruby/object:Api::Resource::IamPolicy
+      method_name_separator: ':'
+      fetch_iam_policy_verb: :POST
+      parent_resource_attribute: 'taxonomy'
+      import_format: ["projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}", "{{taxonomy}}"]
+      base_url: "projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}"
+    parameters:
+      - !ruby/object:Api::Type::String
+        name: region
+        url_param_only: true
+        input: true
+        description: |
+          Taxonomy location region.
+    properties:
+      - !ruby/object:Api::Type::String
+        name: "name"
+        description: |
+          Resource name of this taxonomy, whose format is:
+          "projects/{project}/locations/{region}/taxonomies/{taxonomy}".
+        output: true
+      - !ruby/object:Api::Type::String
+        name: "displayName"
+        description: |
+          User defined name of this taxonomy.
+          It must: contain only unicode letters, numbers, underscores, dashes
+          and spaces; not start or end with spaces; and be at most 200 bytes
+          long when encoded in UTF-8.
+        required: true
+      - !ruby/object:Api::Type::String
+        name: "description"
+        description: |
+          Description of this taxonomy. It must: contain only unicode characters,
+          tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes
+          long when encoded in UTF-8. If not set, defaults to an empty description.
+      - !ruby/object:Api::Type::Array
+        name: "activatedPolicyTypes"
+        description: |
+          A list of policy types that are activated for this taxonomy. If not set,
+          defaults to an empty list.
+        item_type: !ruby/object:Api::Type::Enum # TOOD: should this be enum or string
+          name: 'policyType'
+          description: 'Defines policy types where policy tag can be used for'
+          values:
+            - :POLICY_TYPE_UNSPECIFIED
+            - :FINE_GRAINED_ACCESS_CONTROL
+  - !ruby/object:Api::Resource
+    name: PolicyTag
+    base_url: "{{taxonomy}}/policyTags"
+    self_link: "{{name}}"
+    min_version: beta
+    update_verb: :PATCH
+    update_mask: true
+    description: |
+      Denotes one policy tag in a taxonomy.
+    references: !ruby/object:Api::Resource::ReferenceLinks
+      guides:
+        'Official Documentation': https://cloud.google.com/data-catalog/docs
+      api: https://cloud.google.com/data-catalog/docs/reference/rest/v1beta1/projects.locations.taxonomies.policyTags
+    iam_policy: !ruby/object:Api::Resource::IamPolicy
+      method_name_separator: ':'
+      fetch_iam_policy_verb: :POST
+      parent_resource_attribute: 'policy_tag'
+      import_format: ["{{%policy_tag}}"]
+      base_url: "{{%policy_tag}}"
+    parameters:
+      - !ruby/object:Api::Type::String
+        name: taxonomy
+        url_param_only: true
+        required: true
+        input: true
+        description: |
+          Taxonomy the policy tag is associated with
+    properties:
+      - !ruby/object:Api::Type::String
+        name: "name"
+        description: |
+          Resource name of this policy tag, whose format is:
+          "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}"
+        output: true
+      - !ruby/object:Api::Type::String
+        name: "displayName"
+        description: |
+          User defined name of this policy tag. It must: be unique within the parent
+          taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces;
+          not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8.
+        required: true
+      - !ruby/object:Api::Type::String
+        name: "description"
+        description: |
+          Description of this policy tag. It must: contain only unicode characters, tabs,
+          newlines, carriage returns and page breaks; and be at most 2000 bytes long when
+          encoded in UTF-8. If not set, defaults to an empty description.
+          If not set, defaults to an empty description.
+      - !ruby/object:Api::Type::String
+        name: "parentPolicyTag"
+        description: |
+          Resource name of this policy tag's parent policy tag.
+          If empty, it means this policy tag is a top level policy tag.
+          If not set, defaults to an empty string.
+      - !ruby/object:Api::Type::Array
+        name: "childPolicyTags"
+        description: |
+          Resource names of child policy tags of this policy tag.
+        item_type: Api::Type::String
+        output: true
diff --git a/products/datacatalog/terraform.yaml b/products/datacatalog/terraform.yaml
@@ -187,7 +187,35 @@ overrides: !ruby/object:Overrides::ResourceOverrides
     custom_code: !ruby/object:Provider::Terraform::CustomCode
       custom_import: templates/terraform/custom_import/data_catalog_tag.go.erb
       encoder: templates/terraform/encoders/data_catalog_tag.go.erb
-# This is for copying files over
+  Taxonomy: !ruby/object:Overrides::Terraform::ResourceOverride
+    import_format: ["{{name}}"]
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "data_catalog_taxonomy_basic"
+        primary_resource_id: "basic_taxonomy"
+        primary_resource_name: "fmt.Sprintf(\"tf_test_my_taxonomy%s\", context[\"random_suffix\"])"
+        vars:
+          display_name: "my_display_name"
+    properties:
+      region: !ruby/object:Overrides::Terraform::PropertyOverride
+        required: false
+        default_from_api: true
+  PolicyTag: !ruby/object:Overrides::Terraform::ResourceOverride
+    import_format: ["{{name}}"]
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "data_catalog_taxonomies_policy_tag_basic"
+        primary_resource_id: "basic_policy_tag"
+        primary_resource_name: "fmt.Sprintf(\"tf_test_my_policy_tag%s\", context[\"random_suffix\"])"
+        vars:
+          taxonomy_display_name: "taxonomy_display_name"
+      - !ruby/object:Provider::Terraform::Examples
+        name: "data_catalog_taxonomies_policy_tag_child_policies"
+        primary_resource_id: "child_policy"
+        primary_resource_name: "fmt.Sprintf(\"tf_test_my_child_tag%s\", context[\"random_suffix\"])"
+        vars:
+          taxonomy_display_name: "taxonomy_display_name"
+  # This is for copying files over
 files: !ruby/object:Provider::Config::Files
   # These files have templating (ERB) code that will be run.
   # This is usually to add licensing info, autogeneration notices, etc.

diff --git a/provider/terraform.rb b/provider/terraform.rb
@@ -316,7 +316,7 @@ def build_object_data(_pwd, object, output_folder, version)
     end
 
     def extract_identifiers(url)
-      url.scan(/\{\{(\w+)\}\}/).flatten
+      url.scan(/\{\{\%?(\w+)\}\}/).flatten
     end
 
     # Returns the id format of an object, or self_link_uri if none is explicitly defined

diff --git a/templates/terraform/examples/data_catalog_taxonomies_policy_tag_basic.tf.erb b/templates/terraform/examples/data_catalog_taxonomies_policy_tag_basic.tf.erb
@@ -0,0 +1,15 @@
+resource "google_data_catalog_policy_tag" "<%= ctx[:primary_resource_id] %>" {
+  provider = google-beta
+  taxonomy = google_data_catalog_taxonomy.my_taxonomy.id
+  display_name = "Low security"
+  description = "A policy tag normally associated with low security items"
+}
+
+resource "google_data_catalog_taxonomy" "my_taxonomy" {
+  provider = google-beta
+  region = "us"
+  display_name =  "<%= ctx[:vars]['taxonomy_display_name'] %>"
+  description = "A collection of policy tags"
+  activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
+}
+
diff --git a/templates/terraform/examples/data_catalog_taxonomies_policy_tag_child_policies.tf.erb b/templates/terraform/examples/data_catalog_taxonomies_policy_tag_child_policies.tf.erb
@@ -0,0 +1,30 @@
+resource "google_data_catalog_policy_tag" "parent_policy" {
+  provider = google-beta
+  taxonomy = google_data_catalog_taxonomy.my_taxonomy.id
+  display_name = "High"
+  description = "A policy tag category used for high security access"
+}
+
+resource "google_data_catalog_policy_tag" "<%= ctx[:primary_resource_id] %>" {
+  provider = google-beta
+  taxonomy = google_data_catalog_taxonomy.my_taxonomy.id
+  display_name = "ssn"
+  description = "A hash of the users ssn"
+  parent_policy_tag = google_data_catalog_policy_tag.parent_policy.id
+}
+
+resource "google_data_catalog_policy_tag" "child_policy2" {
+  provider = google-beta
+  taxonomy = google_data_catalog_taxonomy.my_taxonomy.id
+  display_name = "dob"
+  description = "The users date of birth"
+  parent_policy_tag = google_data_catalog_policy_tag.parent_policy.id
+}
+
+resource "google_data_catalog_taxonomy" "my_taxonomy" {
+  provider = google-beta
+  region = "us"
+  display_name =  "<%= ctx[:vars]['taxonomy_display_name'] %>"
+  description = "A collection of policy tags"
+  activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
+}
diff --git a/templates/terraform/examples/data_catalog_taxonomy_basic.tf.erb b/templates/terraform/examples/data_catalog_taxonomy_basic.tf.erb
@@ -0,0 +1,7 @@
+resource "google_data_catalog_taxonomy" "<%= ctx[:primary_resource_id] %>" {
+  provider = google-beta
+  region = "us"
+  display_name =  "<%= ctx[:vars]['display_name'] %>"
+  description = "A collection of policy tags"
+  activated_policy_types = ["FINE_GRAINED_ACCESS_CONTROL"]
+}
diff --git a/templates/terraform/iam_policy.go.erb b/templates/terraform/iam_policy.go.erb
@@ -263,7 +263,7 @@ func (u *<%= resource_name -%>IamUpdater) SetResourceIamPolicy(policy *cloudreso
 	return nil
 }
 
-<% import_url = resource_uri.gsub(/({{)(\w+)(}})/, '%s') -%>
+<% import_url = resource_uri.gsub(/({{)\%?(\w+)(}})/, '%s') -%>
 <% string_qualifiers = extract_identifiers(resource_uri.gsub('{{name}}', "{{#{parent_resource_name}}}")).map{|param| "u.#{param.camelize(:lower)}"}.join(', ') -%>
 func (u *<%= resource_name -%>IamUpdater) qualify<%= object.name -%>Url(methodIdentifier string) (string, error) {
 	urlTemplate := fmt.Sprintf("{{<%= object.__product.name -%>BasePath}}%s<%= object.iam_policy.method_name_separator -%>%s", fmt.Sprintf("<%= import_url -%>", <%= string_qualifiers -%>), methodIdentifier)