github/genai-toolbox
1
0
Fork 0
mirror of https://github.com/googleapis/genai-toolbox.git synced 2026-02-14 17:15:11 -05:00
Code Issues Packages Projects Releases 14 Wiki Activity
Files
cfd4b18dee648f770ce5da59d09da756f28b8d5d
genai-toolbox/docs/en/resources/tools/bigquery/bigquery-execute-sql.md
Huan Chen 63adc78bea feat(source/bigquery): add optional write mode config (#1157) 
Summary
Adds an optional write_mode configuration to the BigQuery source,
enhancing security by controlling the types of SQL statements that can
be executed to prevent unauthorized data modification.

Key Changes
Added writeMode Configuration: A new write_mode field is added to the
BigQuery source, supporting three modes:

allowed (Default): Permits all SQL statements.

blocked: Allows only SELECT queries.

protected: Enables session-based execution, restricting write operations
(like CREATE TABLE) to the session's temporary dataset, thus protecting
permanent datasets. Note: at the moment, this won't work with
useClientOAuth, will fix this in the future.

These restrictions primarily apply to the bigquery-execute-sql tool and
the session may be used in other tools.
2025-10-08 13:40:48 -07:00

3.2 KiB
Raw Blame History

title, type, weight, description, aliases
title type weight description aliases
bigquery-execute-sql docs 1 A "bigquery-execute-sql" tool executes a SQL statement against BigQuery.
/resources/tools/bigquery-execute-sql

About

A bigquery-execute-sql tool executes a SQL statement against BigQuery. It's compatible with the following sources:

bigquery-execute-sql accepts the following parameters:

  • sql (required): The GoogleSQL statement to execute.
  • dry_run (optional): If set to true, the query is validated but not run, returning information about the execution instead. Defaults to false.

The behavior of this tool is influenced by the writeMode setting on its bigquery source:

  • allowed (default): All SQL statements are permitted.
  • blocked: Only SELECT statements are allowed. Any other type of statement (e.g., INSERT, UPDATE, CREATE) will be rejected.
  • protected: This mode enables session-based execution. SELECT statements can be used on all tables, while write operations are allowed only for the session's temporary dataset (e.g., CREATE TEMP TABLE ...). This prevents modifications to permanent datasets while allowing stateful, multi-step operations within a secure session.

The tool's behavior is influenced by the allowedDatasets restriction on the bigquery source. Similar to writeMode, this setting provides an additional layer of security by controlling which datasets can be accessed:

  • Without allowedDatasets restriction: The tool can execute any valid GoogleSQL query.
  • With allowedDatasets restriction: Before execution, the tool performs a dry run to analyze the query. It will reject the query if it attempts to access any table outside the allowed datasets list. To enforce this restriction, the following operations are also disallowed:
    • Dataset-level operations (e.g., CREATE SCHEMA, ALTER SCHEMA).
    • Unanalyzable operations where the accessed tables cannot be determined statically (e.g., EXECUTE IMMEDIATE, CREATE PROCEDURE, CALL).

Note: This tool is intended for developer assistant workflows with human-in-the-loop and shouldn't be used for production agents.

Example

tools:
 execute_sql_tool:
    kind: bigquery-execute-sql
    source: my-bigquery-source
    description: Use this tool to execute sql statement.

Reference

field type required description
kind string true Must be "bigquery-execute-sql".
source string true Name of the source the SQL should execute on.
description string true Description of the tool that is passed to the LLM.
Reference in New Issue View Git Blame Copy Permalink