BigQueryDataset

Property	Value
Google Cloud Service Name	BigQuery
Google Cloud Service Documentation	/bigquery/docs/
Google Cloud REST Resource Name	bigquery/v2/datasets
Google Cloud REST Resource Documentation	/bigquery/docs/reference/rest/v2/datasets
Config Connector Resource Short Names	gcpbigquerydataset gcpbigquerydatasets bigquerydataset
Config Connector Service Name	bigquery.googleapis.com
Config Connector Resource Fully Qualified Name	bigquerydatasets.bigquery.cnrm.cloud.google.com
Can Be Referenced by IAMPolicy/IAMPolicyMember	No

Custom Resource Definition Properties

Annotations

Fields
`cnrm.cloud.google.com/delete-contents-on-destroy`
`cnrm.cloud.google.com/state-into-spec`

Spec

Schema

access:
- dataset:
    dataset:
      datasetId: string
      projectId: string
    targetTypes:
    - string
  domain: string
  groupByEmail: string
  role: string
  specialGroup: string
  userByEmail: string
  view:
    datasetId: string
    projectId: string
    tableId: string
defaultEncryptionConfiguration:
  kmsKeyRef:
    external: string
    name: string
    namespace: string
defaultPartitionExpirationMs: integer
defaultTableExpirationMs: integer
description: string
friendlyName: string
location: string
maxTimeTravelHours: string
projectRef:
  external: string
  name: string
  namespace: string
resourceID: string

Fields

Fields
`access` Optional	`list (object)` An array of objects that define dataset access for one or more entities.
`access[]` Optional	`object`
`access[].dataset` Optional	`object` Grants all resources of particular types in a particular dataset read access to the current dataset.
`access[].dataset.dataset` Required*	`object` The dataset this entry applies to.
`access[].dataset.dataset.datasetId` Required*	`string` The ID of the dataset containing this table.
`access[].dataset.dataset.projectId` Required*	`string` The ID of the project containing this table.
`access[].dataset.targetTypes` Required*	`list (string)` Which resources in the dataset this entry applies to. Currently, only views are supported, but additional target types may be added in the future. Possible values: VIEWS.
`access[].dataset.targetTypes[]` Required*	`string`
`access[].domain` Optional	`string` A domain to grant access to. Any users signed in with the domain specified will be granted the specified access.
`access[].groupByEmail` Optional	`string` An email address of a Google Group to grant access to.
`access[].role` Optional	`string` Describes the rights granted to the user specified by the other member of the access object. Basic, predefined, and custom roles are supported. Predefined roles that have equivalent basic roles are swapped by the API to their basic counterparts. See [official docs](https://cloud.google.com/bigquery/docs/access-control).
`access[].specialGroup` Optional	`string` A special group to grant access to. Possible values include: * 'projectOwners': Owners of the enclosing project. * 'projectReaders': Readers of the enclosing project. * 'projectWriters': Writers of the enclosing project. * 'allAuthenticatedUsers': All authenticated BigQuery users.
`access[].userByEmail` Optional	`string` An email address of a user to grant access to. For example: fred@example.com.
`access[].view` Optional	`object` A view from a different dataset to grant access to. Queries executed against that view will have read access to tables in this dataset. The role field is not required when this field is set. If that view is updated by any user, access to the view needs to be granted again via an update operation.
`access[].view.datasetId` Required*	`string` The ID of the dataset containing this table.
`access[].view.projectId` Required*	`string` The ID of the project containing this table.
`access[].view.tableId` Required*	`string` The ID of the table. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters.
`defaultEncryptionConfiguration` Optional	`object` The default encryption key for all tables in the dataset. Once this property is set, all newly-created partitioned tables in the dataset will have encryption key set to this value, unless table creation request (or query) overrides the key.
`defaultEncryptionConfiguration.kmsKeyRef` Required*	`object` Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. The BigQuery Service Account associated with your project requires access to this encryption key.
`defaultEncryptionConfiguration.kmsKeyRef.external` Optional	`string` Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.
`defaultEncryptionConfiguration.kmsKeyRef.name` Optional	`string` Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
`defaultEncryptionConfiguration.kmsKeyRef.namespace` Optional	`string` Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
`defaultPartitionExpirationMs` Optional	`integer` The default partition expiration for all partitioned tables in the dataset, in milliseconds. Once this property is set, all newly-created partitioned tables in the dataset will have an 'expirationMs' property in the 'timePartitioning' settings set to this value, and changing the value will only affect new tables, not existing ones. The storage in a partition will have an expiration time of its partition time plus this value. Setting this property overrides the use of 'defaultTableExpirationMs' for partitioned tables: only one of 'defaultTableExpirationMs' and 'defaultPartitionExpirationMs' will be used for any new partitioned table. If you provide an explicit 'timePartitioning.expirationMs' when creating or updating a partitioned table, that value takes precedence over the default partition expiration time indicated by this property.
`defaultTableExpirationMs` Optional	`integer` The default lifetime of all tables in the dataset, in milliseconds. The minimum value is 3600000 milliseconds (one hour). Once this property is set, all newly-created tables in the dataset will have an 'expirationTime' property set to the creation time plus the value in this property, and changing the value will only affect new tables, not existing ones. When the 'expirationTime' for a given table is reached, that table will be deleted automatically. If a table's 'expirationTime' is modified or removed before the table expires, or if you provide an explicit 'expirationTime' when creating a table, that value takes precedence over the default expiration time indicated by this property.
`description` Optional	`string` A user-friendly description of the dataset.
`friendlyName` Optional	`string` A descriptive name for the dataset.
`location` Optional	`string` Immutable. The geographic location where the dataset should reside. See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). There are two types of locations, regional or multi-regional. A regional location is a specific geographic place, such as Tokyo, and a multi-regional location is a large geographic area, such as the United States, that contains at least two geographic places. The default value is multi-regional location 'US'. Changing this forces a new resource to be created.
`maxTimeTravelHours` Optional	`string` Defines the time travel window in hours. The value can be from 48 to 168 hours (2 to 7 days).
`projectRef` Optional	`object` The project that this resource belongs to.
`projectRef.external` Optional	`string` Allowed value: The `name` field of a `Project` resource.
`projectRef.name` Optional	`string` Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
`projectRef.namespace` Optional	`string` Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
`resourceID` Optional	`string` Immutable. Optional. The datasetId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.

access

Optional

list (object)

An array of objects that define dataset access for one or more entities.

access[]

Optional

object

access[].dataset

Optional

object

Grants all resources of particular types in a particular dataset read access to the current dataset.

access[].dataset.dataset

Required*

object

The dataset this entry applies to.

access[].dataset.dataset.datasetId

Required*

string

The ID of the dataset containing this table.

access[].dataset.dataset.projectId

Required*

string

The ID of the project containing this table.

access[].dataset.targetTypes

Required*

list (string)

Which resources in the dataset this entry applies to. Currently, only views are supported, but additional target types may be added in the future. Possible values: VIEWS.

access[].dataset.targetTypes[]

Required*

string

access[].domain

Optional

string

A domain to grant access to. Any users signed in with the domain specified will be granted the specified access.

access[].groupByEmail

Optional

string

An email address of a Google Group to grant access to.

access[].role

Optional

string

Describes the rights granted to the user specified by the other member of the access object. Basic, predefined, and custom roles are supported. Predefined roles that have equivalent basic roles are swapped by the API to their basic counterparts. See [official docs](https://cloud.google.com/bigquery/docs/access-control).

access[].specialGroup

Optional

string

A special group to grant access to. Possible values include: * 'projectOwners': Owners of the enclosing project. * 'projectReaders': Readers of the enclosing project. * 'projectWriters': Writers of the enclosing project. * 'allAuthenticatedUsers': All authenticated BigQuery users.

access[].userByEmail

Optional

string

An email address of a user to grant access to. For example: fred@example.com.

access[].view

Optional

object

A view from a different dataset to grant access to. Queries executed against that view will have read access to tables in this dataset. The role field is not required when this field is set. If that view is updated by any user, access to the view needs to be granted again via an update operation.

access[].view.datasetId

Required*

string

The ID of the dataset containing this table.

access[].view.projectId

Required*

string

The ID of the project containing this table.

access[].view.tableId

Required*

string

The ID of the table. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters.

defaultEncryptionConfiguration

Optional

object

The default encryption key for all tables in the dataset. Once this property is set, all newly-created partitioned tables in the dataset will have encryption key set to this value, unless table creation request (or query) overrides the key.

defaultEncryptionConfiguration.kmsKeyRef

Required*

object

Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. The BigQuery Service Account associated with your project requires access to this encryption key.

defaultEncryptionConfiguration.kmsKeyRef.external

Optional

string

Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.

defaultEncryptionConfiguration.kmsKeyRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

defaultEncryptionConfiguration.kmsKeyRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

defaultPartitionExpirationMs

Optional

integer

The default partition expiration for all partitioned tables in the dataset, in milliseconds. Once this property is set, all newly-created partitioned tables in the dataset will have an 'expirationMs' property in the 'timePartitioning' settings set to this value, and changing the value will only affect new tables, not existing ones. The storage in a partition will have an expiration time of its partition time plus this value. Setting this property overrides the use of 'defaultTableExpirationMs' for partitioned tables: only one of 'defaultTableExpirationMs' and 'defaultPartitionExpirationMs' will be used for any new partitioned table. If you provide an explicit 'timePartitioning.expirationMs' when creating or updating a partitioned table, that value takes precedence over the default partition expiration time indicated by this property.

defaultTableExpirationMs

Optional

integer

The default lifetime of all tables in the dataset, in milliseconds. The minimum value is 3600000 milliseconds (one hour). Once this property is set, all newly-created tables in the dataset will have an 'expirationTime' property set to the creation time plus the value in this property, and changing the value will only affect new tables, not existing ones. When the 'expirationTime' for a given table is reached, that table will be deleted automatically. If a table's 'expirationTime' is modified or removed before the table expires, or if you provide an explicit 'expirationTime' when creating a table, that value takes precedence over the default expiration time indicated by this property.

description

Optional

string

A user-friendly description of the dataset.

friendlyName

Optional

string

A descriptive name for the dataset.

location

Optional

string

Immutable. The geographic location where the dataset should reside. See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). There are two types of locations, regional or multi-regional. A regional location is a specific geographic place, such as Tokyo, and a multi-regional location is a large geographic area, such as the United States, that contains at least two geographic places. The default value is multi-regional location 'US'. Changing this forces a new resource to be created.

maxTimeTravelHours

Optional

string

Defines the time travel window in hours. The value can be from 48 to 168 hours (2 to 7 days).

projectRef

Optional

object

The project that this resource belongs to.

projectRef.external

Optional

string

Allowed value: The `name` field of a `Project` resource.

projectRef.name

Optional

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

projectRef.namespace

Optional

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceID

Optional

string

Immutable. Optional. The datasetId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.

* Field is required when parent field is specified

Status

Schema

conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationTime: integer
etag: string
lastModifiedTime: integer
observedGeneration: integer
selfLink: string

Fields
`conditions`	`list (object)` Conditions represent the latest available observation of the resource's current state.
`conditions[]`	`object`
`conditions[].lastTransitionTime`	`string` Last time the condition transitioned from one status to another.
`conditions[].message`	`string` Human-readable message indicating details about last transition.
`conditions[].reason`	`string` Unique, one-word, CamelCase reason for the condition's last transition.
`conditions[].status`	`string` Status is the status of the condition. Can be True, False, Unknown.
`conditions[].type`	`string` Type is the type of the condition.
`creationTime`	`integer` The time when this dataset was created, in milliseconds since the epoch.
`etag`	`string` A hash of the resource.
`lastModifiedTime`	`integer` The date when this dataset or any of its tables was last modified, in milliseconds since the epoch.
`observedGeneration`	`integer` ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.
`selfLink`	`string`

Sample YAML(s)

Typical Use Case

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: bigquery.cnrm.cloud.google.com/v1beta1
kind: BigQueryDataset
metadata:
  annotations:
    cnrm.cloud.google.com/delete-contents-on-destroy: "false"
  name: bigquerydatasetsample
spec:
  defaultTableExpirationMs: 3600000
  description: "BigQuery Dataset Sample"
  friendlyName: bigquerydataset-sample
  location: US
  access:
    - role: OWNER
      # Replace ${PROJECT_ID?} with the ID of the project where your service
      # account lives.
      userByEmail: bigquerydataset-dep@${PROJECT_ID?}.iam.gserviceaccount.com
    - role: WRITER
      specialGroup: projectWriters
    - role: READER
      domain: google.com
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  annotations:
    # Replace ${PROJECT_ID?} with your project ID.
    cnrm.cloud.google.com/project-id: "${PROJECT_ID?}"
  name: bigquerydataset-dep