genai-toolbox/docs/en/resources/tools/bigquery/bigquery-execute-sql.md
Yuan Teoh 293c1d6889 feat!: update configuration file v2 (#2369)
This PR introduces a significant update to the Toolbox configuration
file format, which is one of the primary **breaking changes** required
for the implementation of the Advanced Control Plane.

# Summary of Changes
The configuration schema has been updated to enforce resource isolation
and facilitate atomic, incremental updates.
* Resource Isolation: Resource definitions are now separated into
individual blocks, using a distinct structure for each resource type
(Source, Tool, Toolset, etc.). This improves readability, management,
and auditing of configuration files.
* Field Name Modification: Internal field names have been modified to
align with declarative methodologies. Specifically, the configuration
now separates kind (general resource type, e.g., Source) from type
(specific implementation, e.g., Postgres).

# User Impact
Existing tools.yaml configuration files are now in an outdated format.
Users must eventually update their files to the new YAML format.

# Mitigation & Compatibility
Backward compatibility is maintained during this transition to ensure no
immediate user action is required for existing files.
* Immediate Backward Compatibility: The source code includes a
pre-processing layer that automatically detects outdated configuration
files (v1 format) and converts them to the new v2 format under the hood.
* [COMING SOON] Migration Support: The new toolbox migrate subcommand
will be introduced to allow users to automatically convert their old
configuration files to the latest format.

# Example
Example for config file v2:
```
kind: sources
name: my-pg-instance
type: cloud-sql-postgres
project: my-project
region: my-region
instance: my-instance
database: my_db
user: my_user
password: my_pass
---
kind: authServices
name: my-google-auth
type: google
clientId: testing-id
---
kind: tools
name: example_tool
type: postgres-sql
source: my-pg-instance
description: some description
statement: SELECT * FROM SQL_STATEMENT;
parameters:
- name: country
  type: string
  description: some description
---
kind: tools
name: example_tool_2
type: postgres-sql
source: my-pg-instance
description: returning the number one
statement: SELECT 1;
---
kind: toolsets
name: example_toolset
tools:
- example_tool
```

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Averi Kitsch <akitsch@google.com>
2026-01-27 16:58:43 -08:00


| title | type | weight | description | aliases |
|-------|------|--------|-------------|---------|
| bigquery-execute-sql | docs | 1 | A "bigquery-execute-sql" tool executes a SQL statement against BigQuery. | /resources/tools/bigquery-execute-sql |

About

A bigquery-execute-sql tool executes a SQL statement against BigQuery. It's compatible with the following sources:

bigquery-execute-sql accepts the following parameters:

  • sql (required): The GoogleSQL statement to execute.
  • dry_run (optional): If set to true, the query is validated but not run, returning information about the execution instead. Defaults to false.

The behavior of this tool is influenced by the writeMode setting on its bigquery source:

  • allowed (default): All SQL statements are permitted.
  • blocked: Only SELECT statements are allowed. Any other type of statement (e.g., INSERT, UPDATE, CREATE) will be rejected.
  • protected: This mode enables session-based execution. SELECT statements can be used on all tables, while write operations are allowed only for the session's temporary dataset (e.g., CREATE TEMP TABLE ...). This prevents modifications to permanent datasets while allowing stateful, multi-step operations within a secure session.

The tool's behavior is influenced by the allowedDatasets restriction on the bigquery source. Similar to writeMode, this setting provides an additional layer of security by controlling which datasets can be accessed:

  • Without allowedDatasets restriction: The tool can execute any valid GoogleSQL query.
  • With allowedDatasets restriction: Before execution, the tool performs a dry run to analyze the query. It will reject the query if it attempts to access any table outside the allowed datasets list. To enforce this restriction, the following operations are also disallowed:
    • Dataset-level operations (e.g., CREATE SCHEMA, ALTER SCHEMA).
    • Unanalyzable operations where the accessed tables cannot be determined statically (e.g., EXECUTE IMMEDIATE, CREATE PROCEDURE, CALL).
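
The following Go example is added here and is not taken from the Toolbox code base: it models how writeMode and allowedDatasets combine into an accept/reject decision for one query. The DryRun and Policy types, the statement-type labels, the dataset names and the order of the two checks are assumptions made for the example.

```go
package main

import "fmt"

// DryRun is a constructed stand-in for what a dry run reveals about a query.
type DryRun struct {
	Statement    string   // statement type label (names assumed for this example)
	Datasets     []string // dataset of every table the query references
	WriteDataset string   // dataset written to; "" for read-only queries
}

// Policy models the source settings; SessionDataset is the session's temp dataset.
type Policy struct {
	WriteMode, SessionDataset string
	AllowedDatasets           map[string]bool // empty means unrestricted
}

// Check returns nil if the query may run, else an error naming the broken rule.
func (p Policy) Check(q DryRun) error {
	switch p.WriteMode {
	case "", "allowed": // default: every statement type passes this stage
	case "blocked":
		if q.Statement != "SELECT" {
			return fmt.Errorf("writeMode blocked: %s is not SELECT", q.Statement)
		}
	case "protected":
		if q.Statement != "SELECT" && q.WriteDataset != p.SessionDataset {
			return fmt.Errorf("writeMode protected: write outside session dataset")
		}
	default: // fail closed on a misspelled mode
		return fmt.Errorf("unknown writeMode %q", p.WriteMode)
	}
	if len(p.AllowedDatasets) > 0 {
		switch q.Statement {
		case "CREATE_SCHEMA", "ALTER_SCHEMA", "EXECUTE_IMMEDIATE", "CREATE_PROCEDURE", "CALL":
			return fmt.Errorf("allowedDatasets: %s is dataset-level or unanalyzable", q.Statement)
		}
		for _, d := range q.Datasets {
			if !p.AllowedDatasets[d] {
				return fmt.Errorf("allowedDatasets: dataset %q is not on the allow list", d)
			}
		}
	}
	return nil
}

func main() {
	fmt.Println(Policy{WriteMode: "blocked"}.Check(DryRun{Statement: "INSERT", WriteDataset: "sales"}))
}
```

With the default settings (no writeMode, no allowedDatasets) every query passes, which is why both settings matter when the SQL is produced by an LLM.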

Note: This tool is intended for developer assistant workflows with human-in-the-loop and shouldn't be used for production agents.

Example

```yaml
kind: tools
name: execute_sql_tool
type: bigquery-execute-sql
source: my-bigquery-source
description: Use this tool to execute sql statement.
```

Reference

| field | type | required | description |
|-------|------|----------|-------------|
| type | string | true | Must be "bigquery-execute-sql". |
| source | string | true | Name of the source the SQL should execute on. |
| description | string | true | Description of the tool that is passed to the LLM. |