mirror of
https://github.com/googleapis/genai-toolbox.git
synced 2026-02-04 12:15:09 -05:00
63adc78bea
Summary Adds an optional write_mode configuration to the BigQuery source, enhancing security by controlling the types of SQL statements that can be executed to prevent unauthorized data modification. Key Changes Added writeMode Configuration: A new write_mode field is added to the BigQuery source, supporting three modes: allowed (Default): Permits all SQL statements. blocked: Allows only SELECT queries. protected: Enables session-based execution, restricting write operations (like CREATE TABLE) to the session's temporary dataset, thus protecting permanent datasets. Note: at the moment, this won't work with useClientOAuth, will fix this in the future. These restrictions primarily apply to the bigquery-execute-sql tool and the session may be used in other tools.