GoogleCloudPlatform · hao-nan-li · Aug 26, 2024 · Aug 17, 2024 · Aug 17, 2024 · Aug 22, 2024
diff --git a/mmv1/products/bigquerydatatransfer/Config.yaml b/mmv1/products/bigquerydatatransfer/Config.yaml
@@ -46,13 +46,22 @@ examples:
     vars:
       display_name: 'my-query'
       dataset_id: 'my_dataset'
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'bigquerydatatransfer_config_cmek'
+    skip_test: true
+    primary_resource_id: 'query_config_cmek'
+    vars:
+      dataset_id: 'example_dataset'
+      key_name: 'example-key'
+      keyring_name: 'example-keyring'
   - !ruby/object:Provider::Terraform::Examples
     skip_test: true
     name: 'bigquerydatatransfer_config_salesforce'
     primary_resource_id: 'salesforce_config'
     vars:
       display_name: 'my-salesforce-config'
       dataset_id: 'my_dataset'
+
 parameters:
   - !ruby/object:Api::Type::String
     name: 'location'
@@ -172,6 +181,16 @@ properties:
       reingests data for [today-10, today-1], rather than ingesting data for
       just [today-1]. Only valid if the data source supports the feature.
       Set the value to 0 to use the default value.
+  - !ruby/object:Api::Type::NestedObject
+    name: 'encryptionConfiguration'
+    description: |
+      Represents the encryption configuration for a transfer.
+    properties:
+      - !ruby/object:Api::Type::String
+        name: 'kmsKeyName'
+        required: true
+        description: |
+          The name of the KMS key used for encrypting BigQuery data.
   - !ruby/object:Api::Type::Boolean
     name: 'disabled'
     description: |

diff --git a/mmv1/templates/terraform/examples/bigquerydatatransfer_config_cmek.tf.erb b/mmv1/templates/terraform/examples/bigquerydatatransfer_config_cmek.tf.erb
@@ -0,0 +1,46 @@
+data "google_project" "project" {
+}
+
+resource "google_project_iam_member" "permissions" {
+  project = data.google_project.project.project_id
+  role   = "roles/iam.serviceAccountTokenCreator"
+  member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com"
+}
+
+resource "google_bigquery_data_transfer_config" "<%= ctx[:primary_resource_id] %>" {
+  depends_on = [google_project_iam_member.permissions]
+
+  display_name           = "<%= ctx[:vars]['display_name'] %>"
+  location               = "asia-northeast1"
+  data_source_id         = "scheduled_query"
+  schedule               = "first sunday of quarter 00:00"
+  destination_dataset_id = google_bigquery_dataset.my_dataset.dataset_id
+  params = {
+    destination_table_name_template = "my_table"
+    write_disposition               = "WRITE_APPEND"
+    query                           = "SELECT name FROM tabl WHERE x = 'y'"
+  }
+
+  encryption_configuration {
+    kms_key_name = google_kms_crypto_key.crypto_key.id
+  }
+}
+
+resource "google_bigquery_dataset" "my_dataset" {
+  depends_on = [google_project_iam_member.permissions]
+
+  dataset_id    = "<%= ctx[:vars]['dataset_id'] %>"
+  friendly_name = "foo"
+  description   = "bar"
+  location      = "asia-northeast1"
+}
+
+resource "google_kms_crypto_key" "crypto_key" {
+  name     = "<%= ctx[:vars]['key_name'] %>"
+  key_ring = google_kms_key_ring.key_ring.id
+}
+
+resource "google_kms_key_ring" "key_ring" {
+  name     = "<%= ctx[:vars]['keyring_name'] %>"
+  location = "us"
+}