Support BigQuery authorized routines

[jamiet-msm]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

The BigQuery UI now enables us to create authorized routines:

however there is no way to create authorized routines using terraform. This issue is a request for such a thing.

New or Affected Resource(s)

• google_bigquery_dataset_access

Potential Terraform Configuration

resource "google_bigquery_dataset_access" "access" {
  dataset_id    = google_bigquery_dataset.private.dataset_id
  routine {
    project_id = google_bigquery_routine.public.project
    dataset_id = google_bigquery_routine.public.dataset_id
    routine_id   = google_bigquery_routine.public.routine_id
  }
}

[kanata2]

Hi, I add some information.

Current problem

If you manually add authorized routine and then apply changes that include google_bigquery_dataset_iam, you'll have the problem(= delete authorized routine) as same as caution for authorized view in docs.

Using any of these resources will remove any authorized view permissions from the dataset. To assign and preserve authorized view permissions use the google_bigquery_dataset_access instead.
-- ref: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/bigquery_dataset_iam

[rileykarson]

Note: This likely needs to appear in a handful of places (dataset, dataset access, the fake IAM resources)

[jamiet-msm]

Note: This likely needs to appear in a handful of places (dataset, dataset access, the fake IAM resources.

Thx @rileykarson . Out of interest, what are you referring to when you say "fake IAM resources"?

[rileykarson]

https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/bigquery_dataset_iam (and possibly the table ones) which map to BQ access rather than IAM. They present an IAM-like interface clientside.

[jamiet-msm]

https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/bigquery_dataset_iam

Ah OK, yes, I know all about those (I've fallen foul of them in the past where they can obliterate regular IAM), just never heard them referred to as "fake IAM". Dangerous things.

[Tei1988]

Hi, I would like to work on this issue.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.