google_bigquery_dataset の access 属性と google_bigquery_dataset_access

google_bigquery_dataset | Resources | hashicorp/google | Terraform Registry

google_bigquery_dataset_access | Resources | hashicorp/google | Terraform Registry

google_bigquery_dataset の access

access に対して authorative な振る舞い

code:dataset.tf

resource "google_bigquery_dataset" "dataset" {

dataset_id = "dataset"

access {

domain = "pokutuna.com"

role = "READER"

}

は

code:dataset.tfstate

~ resource "google_bigquery_dataset" "native_reports" {

...

- access {

- role = "OWNER" -> null

- user_by_email = "terraform@....iam.gserviceaccount.com" -> null

}

- access {

- role = "OWNER" -> null

- special_group = "projectOwners" -> null

}

- access {

- role = "READER" -> null

- special_group = "projectReaders" -> null

}

- access {

- role = "WRITER" -> null

- special_group = "projectWriters" -> null

}

+ access {

+ domain = "pokutuna.com"

+ role = "READER"

}

になる

google_bigquery_dataset_access

こっちは Additive な感じ

code:dataset_access.tf

resource "google_bigquery_dataset" "dataset" {

dataset_id = "my_dataset"

}

resource "google_bigquery_dataset_access" "dataset_reader" {

dataset_id = google_bigquery_dataset.dataset.dataset_id

role = "READER"

domain = "pokutuna.com"

}

は

code:dataset_access.tfstate

...

+ resource "google_bigquery_dataset_access" "native_reports_reader" {

+ api_updated_member = (known after apply)

+ dataset_id = "native_reports"

+ domain = "hatena.ne.jp"

+ id = (known after apply)

+ project = (known after apply)

+ role = "READER"

}

になる