Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

google_bigquery_routine missing ability to configure EXTERNAL SECURITY INVOKER mode #19221

Open
eastlondoner opened this issue Aug 22, 2024 · 4 comments · May be fixed by GoogleCloudPlatform/magic-modules#13331
Open

google_bigquery_routine missing ability to configure EXTERNAL SECURITY INVOKER mode #19221

eastlondoner opened this issue Aug 22, 2024 · 4 comments · May be fixed by GoogleCloudPlatform/magic-modules#13331
Labels
enhancement forward/linked service/bigquery upstream
Milestone
Goals

Comments

@eastlondoner
Copy link

eastlondoner commented Aug 22, 2024
edited by modular-magician
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to a user, that user is claiming responsibility for the issue.
  • Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Description

The google_bigquery_routine does not have a way to set the INVOKER security mode that is described here:
https://cloud.google.com/bigquery/docs/spark-procedures#use_a_custom_service_account

Without this set it's not possible to call the procedure using a custom service account. When calling with a custom service account the following error is encountered:

Invalid input during Spark procedure invocation. Custom service account is only allowed for Spark procedure in INVOKER security mode.

it would be great to add the ability to set this security mode on the google_bigquery_routine resource.

It may be that the REST API is missing the ability to set this property, I cannot see any mention of it in the REST docs
https://cloud.google.com/bigquery/docs/reference/rest/v2/routines#Routine

New or Affected Resource(s)

  • google_bigquery_routine

Potential Terraform Configuration

resource "google_bigquery_routine" "sproc" {
  ...
  external_security = "INVOKER"
}

References

No response

b/362278269
@github-actions github-actions bot added forward/review In review; remove label to forward service/bigquery labels Aug 22, 2024
@melinath
Copy link
Collaborator

Note from triage: Terraform can only support features that are exposed through the REST API, so I'm marking this as blocked pending that support.

@melinath melinath added upstream and removed forward/review In review; remove label to forward labels Aug 26, 2024
@melinath melinath added this to the Goals milestone Aug 26, 2024
@wj-chen
Copy link

wj-chen commented Aug 26, 2024

I have reached out to the BigQuery Routines team to ask about API support for setting security mode.

@wj-chen
Copy link

wj-chen commented Oct 1, 2024

I see SecurityMode in the go client library, but it's missing from the public API reference doc, most likely an oversight.

Since there appears to be API support already, we are unblocked from the Terraform work and will prioritize it in Q4.

@sachinpro sachinpro linked a pull request Mar 11, 2025 that will close this issue
Open
@sachinpro
Copy link

GoogleCloudPlatform/magic-modules#13331 adds support for this with a different field name security_mode.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement forward/linked service/bigquery upstream
Projects
None yet
Milestone
Goals
Development

Successfully merging a pull request may close this issue.

feat(bigquery): added security_mode option for google_bigquery_routine sachinpro/magic-modules
5 participants
@melinath @eastlondoner @sachinpro @modular-magician @wj-chen