Support for Bigtable Authorized View #6971
Description
Checklist
- I did not find a related open enhancement request.
- I understand that enhancement requests filed in the GitHub repository are by default low priority.
- If this request is time-sensitive, I have submitted a corresponding issue with GCP support.
Describe the feature or resource
Description
Cloud Bigtable introduced Authorized Views, which allow for fine-grained access control by creating subsets of a table (e.g., specific row prefixes or column families). Currently, Config Connector (KCC) supports BigtableInstance and BigtableTable, but lacks a dedicated resource to manage these views.
To ensure parity with GCP's security features and enable declarative access control, we need a new BigtableAuthorizedView resource.
As discussed in PR #5729, while the current automated resource generation tools in KCC might have limitations regarding map type support, this can be addressed by manually defining the types in the resource configuration.
Desired YAML
apiVersion: bigtable.cnrm.cloud.google.com/v1beta1
kind: BigtableAuthorizedView
metadata:
  name: bigtableauthorizedview-sample
  namespace: config-control
spec:
  instanceRef:
    name: bigtableinstance-sample
  tableRef:
    name: bigtabletable-sample
  subsetView:
    rowPrefixes:
      - "user123#"
      - "order#"
    familySubsets:
      - name: "personal_info"
        qualifiers:
          - "email"
          - "phone"
  resourceID: my-authorized-view
Supporting Documentation
Bigtable Authorized Views Overview: https://cloud.google.com/bigtable/docs/authorized-views
Additional information
This request stems from the feedback in PR #5729
Importance
No response
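The following is an added example, not part of the issue and not Config Connector or Bigtable code: a local Python model of which cells the `subsetView` in the desired YAML would expose, plus a small review check for view definitions that are broader than intended. The function names and the dict layout are assumptions that mirror the proposed spec fields; row keys are modelled as strings for readability.

```python
# Added illustration: a local model of the subset semantics, not Bigtable or KCC code.
# SUBSET_VIEW mirrors spec.subsetView from the desired YAML in the issue.
SUBSET_VIEW = {
    "rowPrefixes": ["user123#", "order#"],
    "familySubsets": [
        {"name": "personal_info", "qualifiers": ["email", "phone"]},
    ],
}


def cell_visible(view, row_key, family, qualifier):
    """Return True if the cell falls inside the subset the view exposes."""
    # The row must start with one of the listed prefixes.
    if not any(row_key.startswith(p) for p in view.get("rowPrefixes", [])):
        return False
    # The column family must be listed, and the qualifier must be allowed in it.
    for subset in view.get("familySubsets", []):
        if subset["name"] == family:
            return qualifier in subset.get("qualifiers", [])
    return False


def review_findings(view):
    """Flag settings that make the view broader than a reviewer may expect."""
    findings = []
    prefixes = view.get("rowPrefixes", [])
    if "" in prefixes:
        findings.append("empty row prefix matches every row in the table")
    for a in prefixes:
        for b in prefixes:
            if a != "" and a != b and b.startswith(a):
                findings.append(f"prefix {b!r} is already covered by {a!r}")
    if not view.get("familySubsets"):
        findings.append("no familySubsets: no column is exposed")
    return findings


if __name__ == "__main__":
    # Constructed sample cells: (row key, column family, qualifier).
    for cell in [("user123#profile", "personal_info", "email"),
                 ("user1234#profile", "personal_info", "email"),
                 ("user123#profile", "personal_info", "ssn")]:
        print(cell, cell_visible(SUBSET_VIEW, *cell))
    print(review_findings({"rowPrefixes": ["user", "user123#"],
                           "familySubsets": SUBSET_VIEW["familySubsets"]}))
```

The trailing `#` in `user123#` is what keeps `user1234#...` rows out of the view; a prefix without the key delimiter would admit them.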