Docs
PackagesSnowflake v0.52.0 published on Thursday, Apr 18, 2024 by Pulumi
snowflake.MaskingPolicy
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as snowflake from "@pulumi/snowflake";
const test = new snowflake.MaskingPolicy("test", {
database: "EXAMPLE_DB",
maskingExpression: ` case
when current_role() in ('ROLE_A') then
val
when is_role_in_session( 'ROLE_B' ) then
'ABC123'
else
'******'
end
`,
returnDataType: "VARCHAR",
schema: "EXAMPLE_SCHEMA",
signature: {
columns: [{
name: "val",
type: "VARCHAR",
}],
},
});
import pulumi
import pulumi_snowflake as snowflake
test = snowflake.MaskingPolicy("test",
database="EXAMPLE_DB",
masking_expression=""" case
when current_role() in ('ROLE_A') then
val
when is_role_in_session( 'ROLE_B' ) then
'ABC123'
else
'******'
end
""",
return_data_type="VARCHAR",
schema="EXAMPLE_SCHEMA",
signature=snowflake.MaskingPolicySignatureArgs(
columns=[snowflake.MaskingPolicySignatureColumnArgs(
name="val",
type="VARCHAR",
)],
))
package main
import (
"github.com/pulumi/pulumi-snowflake/sdk/go/snowflake"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := snowflake.NewMaskingPolicy(ctx, "test", &snowflake.MaskingPolicyArgs{
Database: pulumi.String("EXAMPLE_DB"),
MaskingExpression: pulumi.String(` case
when current_role() in ('ROLE_A') then
val
when is_role_in_session( 'ROLE_B' ) then
'ABC123'
else
'******'
end
`),
ReturnDataType: pulumi.String("VARCHAR"),
Schema: pulumi.String("EXAMPLE_SCHEMA"),
Signature: &snowflake.MaskingPolicySignatureArgs{
Columns: snowflake.MaskingPolicySignatureColumnArray{
&snowflake.MaskingPolicySignatureColumnArgs{
Name: pulumi.String("val"),
Type: pulumi.String("VARCHAR"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Snowflake = Pulumi.Snowflake;
return await Deployment.RunAsync(() =>
{
var test = new Snowflake.MaskingPolicy("test", new()
{
Database = "EXAMPLE_DB",
MaskingExpression = @" case
when current_role() in ('ROLE_A') then
val
when is_role_in_session( 'ROLE_B' ) then
'ABC123'
else
'******'
end
",
ReturnDataType = "VARCHAR",
Schema = "EXAMPLE_SCHEMA",
Signature = new Snowflake.Inputs.MaskingPolicySignatureArgs
{
Columns = new[]
{
new Snowflake.Inputs.MaskingPolicySignatureColumnArgs
{
Name = "val",
Type = "VARCHAR",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.snowflake.MaskingPolicy;
import com.pulumi.snowflake.MaskingPolicyArgs;
import com.pulumi.snowflake.inputs.MaskingPolicySignatureArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new MaskingPolicy("test", MaskingPolicyArgs.builder()
.database("EXAMPLE_DB")
.maskingExpression("""
case
when current_role() in ('ROLE_A') then
val
when is_role_in_session( 'ROLE_B' ) then
'ABC123'
else
'******'
end
""")
.returnDataType("VARCHAR")
.schema("EXAMPLE_SCHEMA")
.signature(MaskingPolicySignatureArgs.builder()
.columns(MaskingPolicySignatureColumnArgs.builder()
.name("val")
.type("VARCHAR")
.build())
.build())
.build());
}
}
resources:
test:
type: snowflake:MaskingPolicy
properties:
database: EXAMPLE_DB
maskingExpression: " case \n when current_role() in ('ROLE_A') then \n val \n when is_role_in_session( 'ROLE_B' ) then \n 'ABC123'\n else\n '******'\n end\n\n"
returnDataType: VARCHAR
schema: EXAMPLE_SCHEMA
signature:
columns:
- name: val
type: VARCHAR
Create MaskingPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new MaskingPolicy(name: string, args: MaskingPolicyArgs, opts?: CustomResourceOptions);@overload
def MaskingPolicy(resource_name: str,
args: MaskingPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def MaskingPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
database: Optional[str] = None,
masking_expression: Optional[str] = None,
return_data_type: Optional[str] = None,
schema: Optional[str] = None,
signature: Optional[MaskingPolicySignatureArgs] = None,
comment: Optional[str] = None,
exempt_other_policies: Optional[bool] = None,
if_not_exists: Optional[bool] = None,
name: Optional[str] = None,
or_replace: Optional[bool] = None)func NewMaskingPolicy(ctx *Context, name string, args MaskingPolicyArgs, opts ...ResourceOption) (*MaskingPolicy, error)public MaskingPolicy(string name, MaskingPolicyArgs args, CustomResourceOptions? opts = null)
public MaskingPolicy(String name, MaskingPolicyArgs args)
public MaskingPolicy(String name, MaskingPolicyArgs args, CustomResourceOptions options)
type: snowflake:MaskingPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args MaskingPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args MaskingPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args MaskingPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args MaskingPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args MaskingPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var maskingPolicyResource = new Snowflake.MaskingPolicy("maskingPolicyResource", new()
{
Database = "string",
MaskingExpression = "string",
ReturnDataType = "string",
Schema = "string",
Signature = new Snowflake.Inputs.MaskingPolicySignatureArgs
{
Columns = new[]
{
new Snowflake.Inputs.MaskingPolicySignatureColumnArgs
{
Name = "string",
Type = "string",
},
},
},
Comment = "string",
ExemptOtherPolicies = false,
IfNotExists = false,
Name = "string",
OrReplace = false,
});
example, err := snowflake.NewMaskingPolicy(ctx, "maskingPolicyResource", &snowflake.MaskingPolicyArgs{
Database: pulumi.String("string"),
MaskingExpression: pulumi.String("string"),
ReturnDataType: pulumi.String("string"),
Schema: pulumi.String("string"),
Signature: &snowflake.MaskingPolicySignatureArgs{
Columns: snowflake.MaskingPolicySignatureColumnArray{
&snowflake.MaskingPolicySignatureColumnArgs{
Name: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
},
Comment: pulumi.String("string"),
ExemptOtherPolicies: pulumi.Bool(false),
IfNotExists: pulumi.Bool(false),
Name: pulumi.String("string"),
OrReplace: pulumi.Bool(false),
})
var maskingPolicyResource = new MaskingPolicy("maskingPolicyResource", MaskingPolicyArgs.builder()
.database("string")
.maskingExpression("string")
.returnDataType("string")
.schema("string")
.signature(MaskingPolicySignatureArgs.builder()
.columns(MaskingPolicySignatureColumnArgs.builder()
.name("string")
.type("string")
.build())
.build())
.comment("string")
.exemptOtherPolicies(false)
.ifNotExists(false)
.name("string")
.orReplace(false)
.build());
masking_policy_resource = snowflake.MaskingPolicy("maskingPolicyResource",
database="string",
masking_expression="string",
return_data_type="string",
schema="string",
signature=snowflake.MaskingPolicySignatureArgs(
columns=[snowflake.MaskingPolicySignatureColumnArgs(
name="string",
type="string",
)],
),
comment="string",
exempt_other_policies=False,
if_not_exists=False,
name="string",
or_replace=False)
const maskingPolicyResource = new snowflake.MaskingPolicy("maskingPolicyResource", {
database: "string",
maskingExpression: "string",
returnDataType: "string",
schema: "string",
signature: {
columns: [{
name: "string",
type: "string",
}],
},
comment: "string",
exemptOtherPolicies: false,
ifNotExists: false,
name: "string",
orReplace: false,
});
type: snowflake:MaskingPolicy
properties:
comment: string
database: string
exemptOtherPolicies: false
ifNotExists: false
maskingExpression: string
name: string
orReplace: false
returnDataType: string
schema: string
signature:
columns:
- name: string
type: string
MaskingPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The MaskingPolicy resource accepts the following input properties:
- Database string
- The database in which to create the masking policy.
- Masking
Expression string - Specifies the SQL expression that transforms the data.
- Return
Data stringType - Specifies the data type to return.
- Schema string
- The schema in which to create the masking policy.
- Signature
Masking
Policy Signature - The signature for the masking policy; specifies the input columns and data types to evaluate at query runtime.
- Comment string
- Specifies a comment for the masking policy.
- Exempt
Other boolPolicies - Specifies whether the row access policy or conditional masking policy can reference a column that is already protected by a masking policy.
- If
Not boolExists - Prevent overwriting a previous masking policy with the same name.
- Name string
- Specifies the column name to mask.
- Or
Replace bool - Whether to override a previous masking policy with the same name.
- Database string
- The database in which to create the masking policy.
- Masking
Expression string - Specifies the SQL expression that transforms the data.
- Return
Data stringType - Specifies the data type to return.
- Schema string
- The schema in which to create the masking policy.
- Signature
Masking
Policy Signature Args - The signature for the masking policy; specifies the input columns and data types to evaluate at query runtime.
- Comment string
- Specifies a comment for the masking policy.
- Exempt
Other boolPolicies - Specifies whether the row access policy or conditional masking policy can reference a column that is already protected by a masking policy.
- If
Not boolExists - Prevent overwriting a previous masking policy with the same name.
- Name string
- Specifies the column name to mask.
- Or
Replace bool - Whether to override a previous masking policy with the same name.
- database String
- The database in which to create the masking policy.
- masking
Expression String - Specifies the SQL expression that transforms the data.
- return
Data StringType - Specifies the data type to return.
- schema String
- The schema in which to create the masking policy.
- signature
Masking
Policy Signature - The signature for the masking policy; specifies the input columns and data types to evaluate at query runtime.
- comment String
- Specifies a comment for the masking policy.
- exempt
Other BooleanPolicies - Specifies whether the row access policy or conditional masking policy can reference a column that is already protected by a masking policy.
- if
Not BooleanExists - Prevent overwriting a previous masking policy with the same name.
- name String
- Specifies the column name to mask.
- or
Replace Boolean - Whether to override a previous masking policy with the same name.
- database string
- The database in which to create the masking policy.
- masking
Expression string - Specifies the SQL expression that transforms the data.
- return
Data stringType - Specifies the data type to return.
- schema string
- The schema in which to create the masking policy.
- signature
Masking
Policy Signature - The signature for the masking policy; specifies the input columns and data types to evaluate at query runtime.
- comment string
- Specifies a comment for the masking policy.
- exempt
Other booleanPolicies - Specifies whether the row access policy or conditional masking policy can reference a column that is already protected by a masking policy.
- if
Not booleanExists - Prevent overwriting a previous masking policy with the same name.
- name string
- Specifies the column name to mask.
- or
Replace boolean - Whether to override a previous masking policy with the same name.
- database str
- The database in which to create the masking policy.
- masking_
expression str - Specifies the SQL expression that transforms the data.
- return_
data_ strtype - Specifies the data type to return.
- schema str
- The schema in which to create the masking policy.
- signature
Masking
Policy Signature Args - The signature for the masking policy; specifies the input columns and data types to evaluate at query runtime.
- comment str
- Specifies a comment for the masking policy.
- exempt_
other_ boolpolicies - Specifies whether the row access policy or conditional masking policy can reference a column that is already protected by a masking policy.
- if_
not_ boolexists - Prevent overwriting a previous masking policy with the same name.
- name str
- Specifies the column name to mask.
- or_
replace bool - Whether to override a previous masking policy with the same name.
- database String
- The database in which to create the masking policy.
- masking
Expression String - Specifies the SQL expression that transforms the data.
- return
Data StringType - Specifies the data type to return.
- schema String
- The schema in which to create the masking policy.
- signature Property Map
- The signature for the masking policy; specifies the input columns and data types to evaluate at query runtime.
- comment String
- Specifies a comment for the masking policy.
- exempt
Other BooleanPolicies - Specifies whether the row access policy or conditional masking policy can reference a column that is already protected by a masking policy.
- if
Not BooleanExists - Prevent overwriting a previous masking policy with the same name.
- name String
- Specifies the column name to mask.
- or
Replace Boolean - Whether to override a previous masking policy with the same name.
Outputs
All input properties are implicitly available as output properties. Additionally, the MaskingPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Qualified
Name string - Specifies the qualified identifier for the masking policy.
- Id string
- The provider-assigned unique ID for this managed resource.
- Qualified
Name string - Specifies the qualified identifier for the masking policy.
- id String
- The provider-assigned unique ID for this managed resource.
- qualified
Name String - Specifies the qualified identifier for the masking policy.
- id string
- The provider-assigned unique ID for this managed resource.
- qualified
Name string - Specifies the qualified identifier for the masking policy.
- id str
- The provider-assigned unique ID for this managed resource.
- qualified_
name str - Specifies the qualified identifier for the masking policy.
- id String
- The provider-assigned unique ID for this managed resource.
- qualified
Name String - Specifies the qualified identifier for the masking policy.
Look up Existing MaskingPolicy Resource
Get an existing MaskingPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: MaskingPolicyState, opts?: CustomResourceOptions): MaskingPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
comment: Optional[str] = None,
database: Optional[str] = None,
exempt_other_policies: Optional[bool] = None,
if_not_exists: Optional[bool] = None,
masking_expression: Optional[str] = None,
name: Optional[str] = None,
or_replace: Optional[bool] = None,
qualified_name: Optional[str] = None,
return_data_type: Optional[str] = None,
schema: Optional[str] = None,
signature: Optional[MaskingPolicySignatureArgs] = None) -> MaskingPolicyfunc GetMaskingPolicy(ctx *Context, name string, id IDInput, state *MaskingPolicyState, opts ...ResourceOption) (*MaskingPolicy, error)public static MaskingPolicy Get(string name, Input<string> id, MaskingPolicyState? state, CustomResourceOptions? opts = null)public static MaskingPolicy get(String name, Output<String> id, MaskingPolicyState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Comment string
- Specifies a comment for the masking policy.
- Database string
- The database in which to create the masking policy.
- Exempt
Other boolPolicies - Specifies whether the row access policy or conditional masking policy can reference a column that is already protected by a masking policy.
- If
Not boolExists - Prevent overwriting a previous masking policy with the same name.
- Masking
Expression string - Specifies the SQL expression that transforms the data.
- Name string
- Specifies the column name to mask.
- Or
Replace bool - Whether to override a previous masking policy with the same name.
- Qualified
Name string - Specifies the qualified identifier for the masking policy.
- Return
Data stringType - Specifies the data type to return.
- Schema string
- The schema in which to create the masking policy.
- Signature
Masking
Policy Signature - The signature for the masking policy; specifies the input columns and data types to evaluate at query runtime.
- Comment string
- Specifies a comment for the masking policy.
- Database string
- The database in which to create the masking policy.
- Exempt
Other boolPolicies - Specifies whether the row access policy or conditional masking policy can reference a column that is already protected by a masking policy.
- If
Not boolExists - Prevent overwriting a previous masking policy with the same name.
- Masking
Expression string - Specifies the SQL expression that transforms the data.
- Name string
- Specifies the column name to mask.
- Or
Replace bool - Whether to override a previous masking policy with the same name.
- Qualified
Name string - Specifies the qualified identifier for the masking policy.
- Return
Data stringType - Specifies the data type to return.
- Schema string
- The schema in which to create the masking policy.
- Signature
Masking
Policy Signature Args - The signature for the masking policy; specifies the input columns and data types to evaluate at query runtime.
- comment String
- Specifies a comment for the masking policy.
- database String
- The database in which to create the masking policy.
- exempt
Other BooleanPolicies - Specifies whether the row access policy or conditional masking policy can reference a column that is already protected by a masking policy.
- if
Not BooleanExists - Prevent overwriting a previous masking policy with the same name.
- masking
Expression String - Specifies the SQL expression that transforms the data.
- name String
- Specifies the column name to mask.
- or
Replace Boolean - Whether to override a previous masking policy with the same name.
- qualified
Name String - Specifies the qualified identifier for the masking policy.
- return
Data StringType - Specifies the data type to return.
- schema String
- The schema in which to create the masking policy.
- signature
Masking
Policy Signature - The signature for the masking policy; specifies the input columns and data types to evaluate at query runtime.
- comment string
- Specifies a comment for the masking policy.
- database string
- The database in which to create the masking policy.
- exempt
Other booleanPolicies - Specifies whether the row access policy or conditional masking policy can reference a column that is already protected by a masking policy.
- if
Not booleanExists - Prevent overwriting a previous masking policy with the same name.
- masking
Expression string - Specifies the SQL expression that transforms the data.
- name string
- Specifies the column name to mask.
- or
Replace boolean - Whether to override a previous masking policy with the same name.
- qualified
Name string - Specifies the qualified identifier for the masking policy.
- return
Data stringType - Specifies the data type to return.
- schema string
- The schema in which to create the masking policy.
- signature
Masking
Policy Signature - The signature for the masking policy; specifies the input columns and data types to evaluate at query runtime.
- comment str
- Specifies a comment for the masking policy.
- database str
- The database in which to create the masking policy.
- exempt_
other_ boolpolicies - Specifies whether the row access policy or conditional masking policy can reference a column that is already protected by a masking policy.
- if_
not_ boolexists - Prevent overwriting a previous masking policy with the same name.
- masking_
expression str - Specifies the SQL expression that transforms the data.
- name str
- Specifies the column name to mask.
- or_
replace bool - Whether to override a previous masking policy with the same name.
- qualified_
name str - Specifies the qualified identifier for the masking policy.
- return_
data_ strtype - Specifies the data type to return.
- schema str
- The schema in which to create the masking policy.
- signature
Masking
Policy Signature Args - The signature for the masking policy; specifies the input columns and data types to evaluate at query runtime.
- comment String
- Specifies a comment for the masking policy.
- database String
- The database in which to create the masking policy.
- exempt
Other BooleanPolicies - Specifies whether the row access policy or conditional masking policy can reference a column that is already protected by a masking policy.
- if
Not BooleanExists - Prevent overwriting a previous masking policy with the same name.
- masking
Expression String - Specifies the SQL expression that transforms the data.
- name String
- Specifies the column name to mask.
- or
Replace Boolean - Whether to override a previous masking policy with the same name.
- qualified
Name String - Specifies the qualified identifier for the masking policy.
- return
Data StringType - Specifies the data type to return.
- schema String
- The schema in which to create the masking policy.
- signature Property Map
- The signature for the masking policy; specifies the input columns and data types to evaluate at query runtime.
Supporting Types
MaskingPolicySignature, MaskingPolicySignatureArgs
MaskingPolicySignatureColumn, MaskingPolicySignatureColumnArgs
Import
format is database name | schema name | policy name
$ pulumi import snowflake:index/maskingPolicy:MaskingPolicy example 'dbName|schemaName|policyName'
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Snowflake pulumi/pulumi-snowflake
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
snowflakeTerraform Provider.