feat(bigquery): WIP add samples for access policies

bigquery/cloud-client/app.js

@@ -0,0 +1,43 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+"use strict";
+
+const { viewDatasetAccessPolicy } = require("./src/viewDatasetAccessPolicy")
+const { viewTableOrViewAccessPolicy } = require("./src/viewTableOrViewAccessPolicy")
+
+async function main() {
+    try {
+        // Example usage of dataset access policy viewer
+        await viewDatasetAccessPolicy();
+
+        // Example usage of table/view access policy viewer
+        const projectId = process.env.GOOGLE_CLOUD_PROJECT;
+        await viewTableOrViewAccessPolicy({
+            projectId,
+            datasetId: "my_new_dataset",
+            resourceName: "my_table",
+        });
+    } catch (error) {
+        console.error("Error:", error);
+        processors.exitCode = 1;
+    }
+}
+
+// Run the samples if this file is run directly
+if (require.main === module) {
+    main();
+}
+
+module.export = { viewDatasetAccessPolicy, viewTableOrViewAccessPolicy }

bigquery/cloud-client/package.json

@@ -0,0 +1,27 @@
+{
+    "name": "bigquery-cloud-client",
+    "description": "Big Query Cloud Client Node.js for Google App",
+    "version": "0.0.1",
+    "private": true,
+    "license": "Apache Version 2.0",
+    "author": "Google Inc.",
+    "engines": {
+        "node": "20.x"
+    },
+    "scripts": {
+        "deploy": "gcloud app deploy",
+        "start": "node app.js",
+        "unit-test": "c8 mocha -p -j 2 test/ --timeout=10000 --exit",
+        "test": "npm run unit-test"
+    },
+    "dependencies": {
+        "@google-cloud/bigquery": "7.9.2"
+    },
+    "devDependencies": {
+        "c8": "^10.0.0",
+        "chai": "^4.5.0",
+        "mocha": "^10.0.0",
+        "proxysquire": "^2.1.0",
+        "sinon": "^18.0.0"
+    }
+}

bigquery/cloud-client/src/viewDatasetAccessPolicy.js

@@ -0,0 +1,58 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+"use strict";
+
+const { BigQuery } = require("@google-cloud/bigquery");
+
+// [START bigquery_view_dataset_access_policy]
+/**
+ * View access policies for a BigQuery dataset
+ * 
+ * @param {object} [overrideValues] Optional parameters to override defaults
+ * @param {string} [overrideValues.datasetId] Dataset ID to view access policies
+ */
+
+async function viewDatasetAccessPolicy(overrideValues = {}) {
+    // Instantiate BigQuery client
+    const bigquery = new BigQuery();
+
+    // Dataset from which to get the access policy
+    const datasetId = overrideValues.datasetId || "my_new_dataset";
+
+    try {
+        // Prepares a reference to the dataset
+        const dataset = bigquery.dataset(datasetId);
+        const [metadata] = await dataset.getMetadata();
+
+        // Shows the Access policy as a list of access entries
+        console.log("Access entries:", metadata.access);
+
+        // Get properties for an AccessEntry
+        if (metadata.access && metadata.access.length > 0) {
+            console.log(`Details for Access entry 0 in dataset '${datasetId}':`);
+            console.log(`Role: '${metadata.access[0].role || "N/A"}'`);
+            console.log(`SpecialGroup: '${metadata.access[0].specialGroup || "N/A"}'`);
+            console.log(`UserByEmail: '${metadata.access[0].userByEmail || "N/A"}'`);
+        }
+    } catch (error) {
+        console.lerror(`Error viewing dataset access policy: ${error.message}`);
+    }
+}
+
+// [END bigquery_view_dataset_access_policy]
+
+module.exports = {
+    viewDatasetAccessPolicy,
+};

bigquery/cloud-client/src/viewTableOrViewAccessPolicy.js

@@ -0,0 +1,71 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+"use strict";
+
+const { BigQuery } = require("@google-cloud/bigquery");
+
+// [START bigquery_view_table_or_view_access_policy]
+/**
+ * View access policies for a BigQuery table or view
+ * 
+ * @param {object} [overrideValues] Optional parameters to override defaults
+ * @param {string} [overrideValues.projectId] Google Cloud project ID
+ * @param {string} [overrideValues.datasetId] Dataset ID where the table or view is located
+ * @param {string} [overrideValues.resourceName] Table or view name to get the access policy
+ * @throws {Error} If required parameters are missing or if there's an API error
+ */
+
+async function viewTableOrViewAccessPolicy(overrideValues = {}) {
+    // Initialize default values
+    const projectId = overrideValues.projectId || processors.env.GOOGLE_CLOUD_PROJECT;
+    const datasetId = overrideValues.datasetId || "my_new_dataset";
+    const resourceName = overrideValues.resourceName || "my_table";
+
+    if (!projectId) {
+        throw new Error("Project ID is required. Set it in overrideValues or GOOGLE_CLOUD_PROJECT environment variable.")
+    }
+
+    try {
+        // // Instantiate BigQuery client
+        const bigquery = new BigQuery();
+
+        // Get the IAM access policy from the table or view
+        const [policy] = await bigquery
+            .dataset(datasetId)
+            .table(resourceName)
+            .getIamPolicy();
+
+        // Show policy details
+        console.log(`Access Policy details for table or view '${resourceName}':`);
+        console.log(`Bindings: ${JSON.stringify(policy.bindings, null, 2)}`);
+        console.log(`etag: ${policy.etag}`);
+        console.log(`version: ${policy.version}`);
+
+        return policy;
+    } catch (error) {
+        console.error(`Error viewing table/view access policy: ${error.message}`);
+        throw error;
+    }
+}
+// [END bigquery_view_table_or_view_access_policy]
+
+// If this file is run directly, execute the function with default values
+if (require.main === module) {
+    viewTableOrViewAccessPolicy().catch(console.error);
+}
+
+module.exports = {
+    viewTableOrViewAccessPolicy,
+};

bigquery/cloud-client/test/viewDatasetAccessPolicy.test.js

@@ -0,0 +1,99 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+"use strict";
+
+const { assert } = require("chai");
+const sinon = require("sinon");
+const { BigQuery } = require("@google-cloud/bigquery")
+const { viewDatasetAccessPolicy } = require("../src/viewDatasetAccessPolicy")
+
+describe("viewDatasetAccessPolicy", () => {
+    let bigQueryStub;
+    let consoleLogSpy;
+
+    const sampleAccessEntry = {
+        role: "READER",
+        specialGroup: "projectReaders",
+        userByEmail: "[email protected]",
+    };
+
+    beforeEach(() => {
+        // Stub BigQuery client
+        bigQueryStub = {
+            dataset: sinon.stub().returns({
+                getMetadata: sinon.stub().resolves([
+                    {
+                        access: [sampleAccessEntry],
+                    },
+                ]),
+            }),
+        };
+
+        // Stub BigQuery constructor
+        sinon.stub(BigQuery.prototype, "dataset").callsFake(bigQueryStub.dataset);
+
+        // Spy on console.log
+        consoleLogSpy = sinon.spy(console, "log");
+    });
+
+    afterEach(() => {
+        sinon.restore();
+    });
+
+    it("should display access policy details for a dataset", async () => {
+        const datasetId = "test_dataset";
+
+        await viewDatasetAccessPolicy({ datasetId });
+
+        // Verify BigQuery client was called correctly
+        assert.ok(consoleLogSpy.calledWith("Access entries:", [sampleAccessEntry]));
+        assert.ok(consoleLogSpy.calledWith(`Details for Access entry 0 in dataset '${datasetId}':`));
+        assert.ok(consoleLogSpy.calledWith("Role: READER"));
+        assert.ok(consoleLogSpy.calledWith("SpecialGroup: projectReaders"));
+        assert.ok(consoleLogSpy.calledWith("UserByEmail: [email protected]"));
+    });
+
+    it("should handle datasets with no access entries", async () => {
+        // Override stub to return empty access array
+        bigQueryStub.dataset.returns({
+            getMetadata: sinon.stub().resolves([
+                {
+                    access: [],
+                },
+            ]),
+        });
+
+        await viewDatasetAccessPolicy({ datasetId: "empty_dataset" });
+
+        // Verify only the access entries message was logged
+        assert.ok(consoleLogSpy.calledWith("Access entries:", []));
+    });
+
+    it("should handle errors gracefully", async () => {
+        const errorMessage = "Dataset not found";
+
+        // Override stub to throw error
+        bigQueryStub.dataset.returns({
+            getMetadata: sinon.stub().rejects(new Error(errorMessage)),
+        });
+
+        try {
+            await viewDatasetAccessPolicy({ datasetId: "non_existent_dataset" });
+            assert.fail("Should have thrown an error");
+        } catch (error) {
+            assert.include(error.message, errorMessage);
+        }
+    });
+})