Docs
PackagesSnowflake v0.52.0 published on Thursday, Apr 18, 2024 by Pulumi
snowflake.TableColumnMaskingPolicyApplication
Explore with Pulumi AI
Applies a masking policy to a table column.
Only one masking policy may be applied per table column, hence only one snowflake.TableColumnMaskingPolicyApplication resources may be present per table column.
Using two or more snowflake.TableColumnMaskingPolicyApplication resources for the same table column will result in the last one overriding any previously applied masking policies and unresolvable diffs in pulumi preview.
When using this resource to manage a table column’s masking policy make sure to ignore changes to the column’s masking policy in the table definition, otherwise the two resources would conflict. See example below.
Example Usage
Coming soon!
Coming soon!
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.snowflake.Provider;
import com.pulumi.snowflake.ProviderArgs;
import com.pulumi.snowflake.MaskingPolicy;
import com.pulumi.snowflake.MaskingPolicyArgs;
import com.pulumi.snowflake.Table;
import com.pulumi.snowflake.TableArgs;
import com.pulumi.snowflake.inputs.TableColumnArgs;
import com.pulumi.snowflake.TableColumnMaskingPolicyApplication;
import com.pulumi.snowflake.TableColumnMaskingPolicyApplicationArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Alternative provider with masking_admin role
var masking = new Provider("masking", ProviderArgs.builder()
.role("MASKING_ADMIN")
.build());
var policy = new MaskingPolicy("policy", MaskingPolicyArgs.builder()
.database("EXAMPLE_DB")
.schema("EXAMPLE_SCHEMA")
.valueDataType("VARCHAR")
.maskingExpression("case when current_role() in ('ANALYST') then val else sha2(val, 512) end")
.returnDataType("VARCHAR")
.build(), CustomResourceOptions.builder()
.provider(snowflake.masking())
.build());
// Table is created by the default provider
var table = new Table("table", TableArgs.builder()
.database("EXAMPLE_DB")
.schema("EXAMPLE_SCHEMA")
.columns(TableColumnArgs.builder()
.name("secret")
.type("VARCHAR(16777216)")
.build())
.build());
var application = new TableColumnMaskingPolicyApplication("application", TableColumnMaskingPolicyApplicationArgs.builder()
.table(table.qualifiedName())
.column("secret")
.maskingPolicy(policy.qualifiedName())
.build(), CustomResourceOptions.builder()
.provider(snowflake.masking())
.build());
}
}
resources:
# Alternative provider with masking_admin role
masking:
type: pulumi:providers:snowflake
properties:
role: MASKING_ADMIN
policy:
type: snowflake:MaskingPolicy
properties:
database: EXAMPLE_DB
schema: EXAMPLE_SCHEMA
valueDataType: VARCHAR
maskingExpression: case when current_role() in ('ANALYST') then val else sha2(val, 512) end
returnDataType: VARCHAR
options:
provider: ${snowflake.masking}
# Table is created by the default provider
table:
type: snowflake:Table
properties:
database: EXAMPLE_DB
schema: EXAMPLE_SCHEMA
columns:
- name: secret
type: VARCHAR(16777216)
application:
type: snowflake:TableColumnMaskingPolicyApplication
properties:
table: ${table.qualifiedName}
column: secret
maskingPolicy: ${policy.qualifiedName}
options:
provider: ${snowflake.masking}
Create TableColumnMaskingPolicyApplication Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new TableColumnMaskingPolicyApplication(name: string, args: TableColumnMaskingPolicyApplicationArgs, opts?: CustomResourceOptions);@overload
def TableColumnMaskingPolicyApplication(resource_name: str,
args: TableColumnMaskingPolicyApplicationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def TableColumnMaskingPolicyApplication(resource_name: str,
opts: Optional[ResourceOptions] = None,
column: Optional[str] = None,
masking_policy: Optional[str] = None,
table: Optional[str] = None)func NewTableColumnMaskingPolicyApplication(ctx *Context, name string, args TableColumnMaskingPolicyApplicationArgs, opts ...ResourceOption) (*TableColumnMaskingPolicyApplication, error)public TableColumnMaskingPolicyApplication(string name, TableColumnMaskingPolicyApplicationArgs args, CustomResourceOptions? opts = null)
public TableColumnMaskingPolicyApplication(String name, TableColumnMaskingPolicyApplicationArgs args)
public TableColumnMaskingPolicyApplication(String name, TableColumnMaskingPolicyApplicationArgs args, CustomResourceOptions options)
type: snowflake:TableColumnMaskingPolicyApplication
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args TableColumnMaskingPolicyApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args TableColumnMaskingPolicyApplicationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args TableColumnMaskingPolicyApplicationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args TableColumnMaskingPolicyApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args TableColumnMaskingPolicyApplicationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var tableColumnMaskingPolicyApplicationResource = new Snowflake.TableColumnMaskingPolicyApplication("tableColumnMaskingPolicyApplicationResource", new()
{
Column = "string",
MaskingPolicy = "string",
Table = "string",
});
example, err := snowflake.NewTableColumnMaskingPolicyApplication(ctx, "tableColumnMaskingPolicyApplicationResource", &snowflake.TableColumnMaskingPolicyApplicationArgs{
Column: pulumi.String("string"),
MaskingPolicy: pulumi.String("string"),
Table: pulumi.String("string"),
})
var tableColumnMaskingPolicyApplicationResource = new TableColumnMaskingPolicyApplication("tableColumnMaskingPolicyApplicationResource", TableColumnMaskingPolicyApplicationArgs.builder()
.column("string")
.maskingPolicy("string")
.table("string")
.build());
table_column_masking_policy_application_resource = snowflake.TableColumnMaskingPolicyApplication("tableColumnMaskingPolicyApplicationResource",
column="string",
masking_policy="string",
table="string")
const tableColumnMaskingPolicyApplicationResource = new snowflake.TableColumnMaskingPolicyApplication("tableColumnMaskingPolicyApplicationResource", {
column: "string",
maskingPolicy: "string",
table: "string",
});
type: snowflake:TableColumnMaskingPolicyApplication
properties:
column: string
maskingPolicy: string
table: string
TableColumnMaskingPolicyApplication Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The TableColumnMaskingPolicyApplication resource accepts the following input properties:
- Column string
- The column to apply the masking policy to.
- Masking
Policy string - Fully qualified name (
database.schema.policyname) of the policy to apply. - Table string
- The fully qualified name (
database.schema.table) of the table to apply the masking policy to.
- Column string
- The column to apply the masking policy to.
- Masking
Policy string - Fully qualified name (
database.schema.policyname) of the policy to apply. - Table string
- The fully qualified name (
database.schema.table) of the table to apply the masking policy to.
- column String
- The column to apply the masking policy to.
- masking
Policy String - Fully qualified name (
database.schema.policyname) of the policy to apply. - table String
- The fully qualified name (
database.schema.table) of the table to apply the masking policy to.
- column string
- The column to apply the masking policy to.
- masking
Policy string - Fully qualified name (
database.schema.policyname) of the policy to apply. - table string
- The fully qualified name (
database.schema.table) of the table to apply the masking policy to.
- column str
- The column to apply the masking policy to.
- masking_
policy str - Fully qualified name (
database.schema.policyname) of the policy to apply. - table str
- The fully qualified name (
database.schema.table) of the table to apply the masking policy to.
- column String
- The column to apply the masking policy to.
- masking
Policy String - Fully qualified name (
database.schema.policyname) of the policy to apply. - table String
- The fully qualified name (
database.schema.table) of the table to apply the masking policy to.
Outputs
All input properties are implicitly available as output properties. Additionally, the TableColumnMaskingPolicyApplication resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing TableColumnMaskingPolicyApplication Resource
Get an existing TableColumnMaskingPolicyApplication resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: TableColumnMaskingPolicyApplicationState, opts?: CustomResourceOptions): TableColumnMaskingPolicyApplication@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
column: Optional[str] = None,
masking_policy: Optional[str] = None,
table: Optional[str] = None) -> TableColumnMaskingPolicyApplicationfunc GetTableColumnMaskingPolicyApplication(ctx *Context, name string, id IDInput, state *TableColumnMaskingPolicyApplicationState, opts ...ResourceOption) (*TableColumnMaskingPolicyApplication, error)public static TableColumnMaskingPolicyApplication Get(string name, Input<string> id, TableColumnMaskingPolicyApplicationState? state, CustomResourceOptions? opts = null)public static TableColumnMaskingPolicyApplication get(String name, Output<String> id, TableColumnMaskingPolicyApplicationState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Column string
- The column to apply the masking policy to.
- Masking
Policy string - Fully qualified name (
database.schema.policyname) of the policy to apply. - Table string
- The fully qualified name (
database.schema.table) of the table to apply the masking policy to.
- Column string
- The column to apply the masking policy to.
- Masking
Policy string - Fully qualified name (
database.schema.policyname) of the policy to apply. - Table string
- The fully qualified name (
database.schema.table) of the table to apply the masking policy to.
- column String
- The column to apply the masking policy to.
- masking
Policy String - Fully qualified name (
database.schema.policyname) of the policy to apply. - table String
- The fully qualified name (
database.schema.table) of the table to apply the masking policy to.
- column string
- The column to apply the masking policy to.
- masking
Policy string - Fully qualified name (
database.schema.policyname) of the policy to apply. - table string
- The fully qualified name (
database.schema.table) of the table to apply the masking policy to.
- column str
- The column to apply the masking policy to.
- masking_
policy str - Fully qualified name (
database.schema.policyname) of the policy to apply. - table str
- The fully qualified name (
database.schema.table) of the table to apply the masking policy to.
- column String
- The column to apply the masking policy to.
- masking
Policy String - Fully qualified name (
database.schema.policyname) of the policy to apply. - table String
- The fully qualified name (
database.schema.table) of the table to apply the masking policy to.
Package Details
- Repository
- Snowflake pulumi/pulumi-snowflake
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
snowflakeTerraform Provider.