genai-toolbox/docs/en/resources/tools/bigquery/bigquery-sql.md
Huan Chen 63adc78bea feat(source/bigquery): add optional write mode config (#1157)
Summary
Adds an optional write_mode configuration to the BigQuery source,
enhancing security by controlling the types of SQL statements that can
be executed to prevent unauthorized data modification.

Key Changes
Added writeMode Configuration: A new write_mode field is added to the
BigQuery source, supporting three modes:

allowed (Default): Permits all SQL statements.

blocked: Allows only SELECT queries.

protected: Enables session-based execution, restricting write operations
(like CREATE TABLE) to the session's temporary dataset, thus protecting
permanent datasets. Note: at the moment, this won't work with
useClientOAuth, will fix this in the future.

These restrictions primarily apply to the bigquery-execute-sql tool and
the session may be used in other tools.
2025-10-08 13:40:48 -07:00

title: bigquery-sql
type: docs
weight: 1
description: A "bigquery-sql" tool executes a pre-defined SQL statement.
aliases: /resources/tools/bigquery-sql

About

A bigquery-sql tool executes a pre-defined SQL statement. It's compatible with the following sources:

The behavior of this tool is influenced by the writeMode setting on its bigquery source:

  • allowed (default) and blocked: These modes do not impose any restrictions on the bigquery-sql tool. The pre-defined SQL statement will be executed as-is.
  • protected: This mode enables session-based execution. The tool will operate within the same BigQuery session as other tools using the same source, allowing it to interact with temporary resources like TEMP tables created within that session.

GoogleSQL

BigQuery uses GoogleSQL for querying data. The integration with Toolbox supports this dialect. The specified SQL statement is executed, and parameters can be inserted into the query. BigQuery supports both named parameters (e.g., @name) and positional parameters (?), but they cannot be mixed in the same query.

Example

Note: This tool uses parameterized queries to prevent SQL injections. Query parameters can be used as substitutes for arbitrary expressions. Parameters cannot be used as substitutes for identifiers, column names, table names, or other parts of the query.

tools:
  # Example: Querying a user table in BigQuery
  search_users_bq:
    kind: bigquery-sql
    source: my-bigquery-source
    statement: |
      SELECT
        id,
        name,
        email
      FROM
        `my-project.my-dataset.users`
      WHERE
        id = @id OR email = @email;
    description: |
      Use this tool to get information for a specific user.
      Takes an id number or an email address and returns info on the user.

      Example:
      {{
          "id": 123,
          "email": "alice@example.com",
      }}
    parameters:
      - name: id
        type: integer
        description: User ID
      - name: email
        type: string
        description: Email address of the user

Example with Template Parameters

Note: This tool allows direct modifications to the SQL statement, including identifiers, column names, and table names. This makes it more vulnerable to SQL injections. Using basic parameters only (see above) is recommended for performance and safety reasons. For more details, please check templateParameters.

tools:
  list_table:
    kind: bigquery-sql
    source: my-bigquery-source
    statement: |
      SELECT * FROM {{.tableName}};
    description: |
      Use this tool to list all information from a specific table.
      Example:
      {{
          "tableName": "flights",
      }}
    templateParameters:
      - name: tableName
        type: string
        description: Table to select from
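
The risk described in the note above, as an added example (not code from the Toolbox project): a template parameter is pasted into the statement as raw text, so the value has to be checked before rendering. It assumes the statement is rendered with Go's text/template, which the `{{.tableName}}` syntax matches; `allowedTables`, `identRe`, `render` and `safeRender` are hypothetical names and the inputs are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"text/template"
)

// statement is the list_table statement from this page.
const statement = "SELECT * FROM {{.tableName}};"

// allowedTables is a hypothetical allowlist; the table names are constructed.
var allowedTables = map[string]bool{"flights": true, "airports": true}

// identRe accepts one unquoted identifier: no spaces, quotes, dots or semicolons.
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)

// render substitutes the value as raw SQL text (assumed text/template
// semantics), so whatever the caller sends becomes part of the statement.
func render(tableName string) (string, error) {
	t, err := template.New("stmt").Parse(statement)
	if err != nil {
		return "", err
	}
	var b strings.Builder
	err = t.Execute(&b, map[string]any{"tableName": tableName})
	return b.String(), err
}

// safeRender rejects any value that is not a plain identifier on the
// allowlist before it reaches the template.
func safeRender(tableName string) (string, error) {
	if !identRe.MatchString(tableName) || !allowedTables[tableName] {
		return "", fmt.Errorf("tableName %q rejected", tableName)
	}
	return render(tableName)
}

func main() {
	// Constructed inputs: an expected name, a value carrying extra SQL,
	// and a syntactically valid name that is not on the allowlist.
	for _, in := range []string{"flights", "flights; SELECT 1", "users"} {
		raw, _ := render(in)
		_, err := safeRender(in)
		fmt.Printf("input=%q unchecked=%q rejected=%v\n", in, raw, err != nil)
	}
}
```

A basic parameter such as `@id` never passes through this substitution step, which is why the page recommends basic parameters wherever the value is not an identifier.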

Reference

| field | type | required | description |
|---|---|---|---|
| kind | string | true | Must be "bigquery-sql". |
| source | string | true | Name of the source the GoogleSQL should execute on. |
| description | string | true | Description of the tool that is passed to the LLM. |
| statement | string | true | The GoogleSQL statement to execute. |
| parameters | parameters | false | List of parameters that will be inserted into the SQL statement. |
| templateParameters | templateParameters | false | List of templateParameters that will be inserted into the SQL statement before the prepared statement is executed. |