Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support configuration of a default project-level Cloud KMS key for BigQuery #20072

Closed
rorynickolls-skyral opened this issue Oct 29, 2024 · 4 comments
Closed

Support configuration of a default project-level Cloud KMS key for BigQuery #20072

rorynickolls-skyral opened this issue Oct 29, 2024 · 4 comments
Labels
enhancement forward/linked new-resource service/bigquery size/m
Milestone
Goals

Comments

@rorynickolls-skyral
Copy link

rorynickolls-skyral commented Oct 29, 2024
edited by modular-magician
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to a user, that user is claiming responsibility for the issue.
  • Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Description

When BigQuery uses a customer-managed Cloud KMS key for encryption, the key needs to be explicitly specified at query-time.

We currently use the BigQuery datasource for Grafana, and that has no option to specify a key.

Instead, I've had to manually run a DDL statement which appears to be the only way set the project default key (Google docs)

There doesn't appear to be a way to configure BigQuery at the project level like this through the Terraform provider but it'd be great to do so and avoid this manual step.

New or Affected Resource(s)

  • google_bigquery_*

Potential Terraform Configuration

resource "google_bigquery_options" "eu_bigquery_options" {
  project = <project>
  region = "eu"
  
  default_kms_key_name = "my_kms_key"
}

References

No response

b/377316940
@github-actions github-actions bot added forward/review In review; remove label to forward service/bigquery labels Oct 29, 2024
@rileykarson rileykarson added new-resource size/m and removed forward/review In review; remove label to forward labels Nov 4, 2024
@rileykarson rileykarson added this to the Goals milestone Nov 4, 2024
@rileykarson
Copy link
Collaborator

I think this would be a new resource? We can fix the tags if not.

@wj-chen
Copy link

wj-chen commented Nov 7, 2024

Yes the only way to set a project-level default key is by running a DDL statement today. You may explore using the google_bigquery_job Terraform resource to run that statement as a query job in your setup. Please let us know if that works or doesn't work for your use case.

@wj-chen
Copy link

wj-chen commented Dec 16, 2024

Requesting the current terraform-team-oncall @shuyama1 to close this issue as a workaround has been communicated over a month ago and we won't be pursuing adding that functionality to an existing or new Terraform resource at this time.

@wj-chen
Copy link

wj-chen commented Jan 8, 2025

Requesting the current terraform-team-oncall @shuyama1 to close this issue as a workaround has been communicated over a month ago and we won't be pursuing adding that functionality to an existing or new Terraform resource at this time.

@shuyama1 Could you help close this issue? Thanks.

@shuyama1 shuyama1 closed this as completed Jan 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement forward/linked new-resource service/bigquery size/m
Projects
None yet
Milestone
Goals
Development

No branches or pull requests
5 participants
@rileykarson @modular-magician @wj-chen @shuyama1 @rorynickolls-skyral