From 314a13284d3766413a7ab2f20ddd9b999d66b7d7 Mon Sep 17 00:00:00 2001
From: Ankit Sharma
Date: Thu, 9 Oct 2025 22:05:55 +0000
Subject: [PATCH 1/2] Added Bigquery datapolicies samples for C.G.C. documentation
---
 .../create_custom_data_masking_policy/main.tf | 46 +++++++++++++++++++
 .../main.tf | 26 +++++++++++
 .../create_predefined_masking_policy/main.tf | 26 +++++++++++
 .../create_raw_data_access_policy/main.tf | 23 ++++++++++
 4 files changed, 121 insertions(+)
 create mode 100644 bigquery/datapolicies/create_custom_data_masking_policy/main.tf
 create mode 100644 bigquery/datapolicies/create_data_policies_with_grantees/main.tf
 create mode 100644 bigquery/datapolicies/create_predefined_masking_policy/main.tf
 create mode 100644 bigquery/datapolicies/create_raw_data_access_policy/main.tf
diff --git a/bigquery/datapolicies/create_custom_data_masking_policy/main.tf b/bigquery/datapolicies/create_custom_data_masking_policy/main.tf
new file mode 100644
index 00000000..f0aa9b11
--- /dev/null
+++ b/bigquery/datapolicies/create_custom_data_masking_policy/main.tf
@@ -0,0 +1,46 @@
+/**
+* Copyright 2025 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+# [START bigquery_datapolicies_create_custom_masking_policy]
+resource "google_bigquery_dataset" "default" {
+ dataset_id = "mydataset"
+ location = "US"
+}
+
+resource "google_bigquery_routine" "default" {
+ dataset_id = google_bigquery_dataset.default.dataset_id
+ routine_id = "custom_masking_routine"
+ routine_type = "SCALAR_FUNCTION"
+ language = "SQL"
+ data_governance_type = "DATA_MASKING"
+ definition_body = "SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')"
+ return_type = "{\"typeKind\" : \"STRING\"}"
+
+ arguments {
+ name = "ssn"
+ data_type = "{\"typeKind\" : \"STRING\"}"
+ }
+}
+
+resource "google_bigquery_datapolicyv2_data_policy" "default" {
+ location = "US"
+ data_policy_id = "custom_masking_policy"
+ data_policy_type = "DATA_MASKING_POLICY"
+ data_masking_policy {
+ routine = google_bigquery_routine.default.id
+ }
+}
+# [END bigquery_datapolicies_create_custom_masking_policy]
+
diff --git a/bigquery/datapolicies/create_data_policies_with_grantees/main.tf b/bigquery/datapolicies/create_data_policies_with_grantees/main.tf
new file mode 100644
index 00000000..947022fd
--- /dev/null
+++ b/bigquery/datapolicies/create_data_policies_with_grantees/main.tf
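Review bot: In create_custom_data_masking_policy/main.tf the routine's `definition_body` replaces only ASCII digits, so the masked value still exposes the input's length and separators and returns any non-digit characters unchanged; the sample should say so, because readers will copy the routine for other columns. A comment above `definition_body` such as `# Masks digits only: length, separators and non-digit characters are returned as-is` would cover it. The data policy also hard-codes `location = "US"` independently of the dataset; since the routine and the policy presumably have to live in the same location, `location = google_bigquery_dataset.default.location` would keep the two from drifting apart.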
@@ -0,0 +1,26 @@
+/**
+* Copyright 2025 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+# [START bigquery_datapolicies_create_raw_data_access_policy]
+resource "google_bigquery_datapolicyv2_data_policy" "default" {
+ location = "US"
+ data_policy_type = "RAW_DATA_ACCESS_POLICY"
+ grantees = [
+ "principal://goog/subject/raha@altostrat.com"
+ ]
+ data_policy_id = "raw_policy"
+}
+# [END bigquery_datapolicies_create_raw_data_access_policy]
+
diff --git a/bigquery/datapolicies/create_predefined_masking_policy/main.tf b/bigquery/datapolicies/create_predefined_masking_policy/main.tf
new file mode 100644
index 00000000..aeb4017d
--- /dev/null
+++ b/bigquery/datapolicies/create_predefined_masking_policy/main.tf
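Review bot: The region tag in create_data_policies_with_grantees/main.tf, `bigquery_datapolicies_create_raw_data_access_policy`, is the same one used in create_raw_data_access_policy/main.tf later in this patch, so the two samples cannot be told apart by tag; this file needs a tag of its own on both the START and END lines, for example `# [START bigquery_datapolicies_create_data_policies_with_grantees]`. Both files also set `data_policy_id = "raw_policy"` in location `US`, which would presumably conflict if the two samples are applied to the same project. Separately, the only grantee is a single named user on a `RAW_DATA_ACCESS_POLICY`, which means unmasked access; a comment above `grantees` such as `# Prefer a group principal over individual users so raw access is reviewed in one place` would steer readers away from copying per-user grants.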
@@ -0,0 +1,26 @@
+/**
+* Copyright 2025 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+# [START bigquery_datapolicies_create_predefined_masking_policy]
+resource "google_bigquery_datapolicyv2_data_policy" "default" {
+ location = "US"
+ data_policy_type = "DATA_MASKING_POLICY"
+ data_masking_policy {
+ predefined_expression = "SHA256"
+ }
+ data_policy_id = "predefined_masking_policy"
+}
+# [END bigquery_datapolicies_create_predefined_masking_policy]
+
diff --git a/bigquery/datapolicies/create_raw_data_access_policy/main.tf b/bigquery/datapolicies/create_raw_data_access_policy/main.tf
new file mode 100644
index 00000000..975f7bcf
--- /dev/null
+++ b/bigquery/datapolicies/create_raw_data_access_policy/main.tf
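Review bot: In create_predefined_masking_policy/main.tf, `predefined_expression = "SHA256"` is shown without saying that the hash is deterministic and keyless, so equal inputs stay linkable across rows and, for low-entropy columns such as identifiers, phone numbers or dates, a masked value can be matched back to its input by hashing candidate values. A comment above the attribute, e.g. `# SHA256 keeps values joinable; for low-entropy columns prefer ALWAYS_NULL or DEFAULT_MASKING_VALUE`, would set the right expectation for readers choosing a rule. As a style point, `data_policy_id` is placed last here but second in the custom masking sample; one attribute order across the four files reads better.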
@@ -0,0 +1,23 @@
+/**
+* Copyright 2025 Google LLC
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+# [START bigquery_datapolicies_create_raw_data_access_policy]
+resource "google_bigquery_datapolicyv2_data_policy" "default" {
+ location = "US"
+ data_policy_type = "RAW_DATA_ACCESS_POLICY"
+ data_policy_id = "raw_policy"
+}
+# [END bigquery_datapolicies_create_raw_data_access_policy]
+
From 20302d5e376784be614bb56104742c0f322e6428 Mon Sep 17 00:00:00 2001
From: Ankit Sharma
Date: Thu, 9 Oct 2025 22:15:25 +0000
Subject: [PATCH 2/2] Add bigquery data policy api to test setup
---
 test/setup/main.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/test/setup/main.tf b/test/setup/main.tf
index e07650b8..92e96386 100644
--- a/test/setup/main.tf
+++ b/test/setup/main.tf
@@ -46,6 +46,7 @@ module "projects" {
 "biglake.googleapis.com",
 "bigquery.googleapis.com",
 "bigqueryconnection.googleapis.com",
+ "bigquerydatapolicy.googleapis.com",
 "certificatemanager.googleapis.com",
 "compute.googleapis.com",
 "cloudbuild.googleapis.com",