feat(bigquery): Add samples for control access 3/3

Author: hivanalejandro

bigquery/cloud-client/test/viewDatasetAccessPolicy.test.js

@@ -0,0 +1,35 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+const assert = require('assert');
+const {getDataset, setupBeforeAll, teardownAfterAll} = require('./config');
+const {viewDatasetAccessPolicy} = require('../viewDatasetAccessPolicy');
+
+describe('viewDatasetAccessPolicy', () => {
+  before(async () => {
+    await setupBeforeAll();
+  });
+
+  after(async () => {
+    await teardownAfterAll();
+  });
+
+  it('should view dataset access policies', async () => {
+    const dataset = await getDataset();
+    const accessPolicy = await viewDatasetAccessPolicy(dataset.id);
+
+    assert.ok(accessPolicy, 'Access policy should be defined');
+    assert.ok(Array.isArray(accessPolicy), 'Access policy should be an array');
+  });
+});

bigquery/cloud-client/test/viewTableOrViewAccessPolicy.test.js

@@ -0,0 +1,90 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+const assert = require('assert');
+const {
+  getProjectId,
+  getDataset,
+  getTable,
+  getView,
+  setupBeforeAll,
+  teardownAfterAll,
+} = require('./config.js');
+const viewTableOrViewAccessPolicy = require('../viewTableOrViewAccessPolicy.js');
+
+describe('viewTableOrViewAccessPolicy', () => {
+  before(async () => {
+    await setupBeforeAll();
+  });
+
+  after(async () => {
+    await teardownAfterAll();
+  });
+
+  it('should view table access policies', async () => {
+    const projectId = await getProjectId();
+    const dataset = await getDataset();
+    const table = await getTable();
+
+    const policy = await viewTableOrViewAccessPolicy(
+      projectId,
+      dataset.id,
+      table.id
+    );
+
+    // Verify that the policy exists.
+    assert.ok(policy, 'Policy should be defined');
+
+    // Verify that bindings exists and is an array.
+    assert.ok(Array.isArray(policy.bindings), 'Bindings should be an array');
+
+    // In a new policy, bindings should be empty.
+    assert.strictEqual(
+      policy.bindings.length,
+      0,
+      'Bindings list should be empty'
+    );
+
+    // Verify that etag exists, but do not validate its exact value.
+    assert.ok(policy.etag, 'Etag should be defined');
+  });
+
+  it('should view view access policies', async () => {
+    const projectId = await getProjectId();
+    const dataset = await getDataset();
+    const view = await getView();
+
+    const policy = await viewTableOrViewAccessPolicy(
+      projectId,
+      dataset.id,
+      view.id
+    );
+
+    // Verify that the policy exists.
+    assert.ok(policy, 'Policy should be defined');
+
+    // Verify that bindings exists and is an array.
+    assert.ok(Array.isArray(policy.bindings), 'Bindings should be an array');
+
+    // In a new policy, bindings should be empty.
+    assert.strictEqual(
+      policy.bindings.length,
+      0,
+      'Bindings list should be empty'
+    );
+
+    // Verify that etag exists, but do not validate its exact value.
+    assert.ok(policy.etag, 'Etag should be defined');
+  });
+});

bigquery/cloud-client/viewDatasetAccessPolicy.js

@@ -0,0 +1,59 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+/**
+ * View access policies for a BigQuery dataset.
+ * @param {string} datasetId Dataset ID to view access policies for.
+ * @returns {Array} Array of access entries.
+ */
+function viewDatasetAccessPolicy(datasetId) {
+  // [START bigquery_view_dataset_access_policy]
+  const {BigQuery} = require('@google-cloud/bigquery');
+
+  // Instantiate a client.
+  const bigquery = new BigQuery();
+
+  // TODO (developer): Update and un-comment below lines.
+
+  // Dataset from which to get the access policy.
+  // datasetId = "my_dataset_id";
+
+  // Get a reference to the dataset.
+  const dataset = bigquery.dataset(datasetId);
+
+  return dataset.getMetadata().then(([metadata]) => {
+    const accessEntries = metadata.access || [];
+
+    // Show the array of AccessEntry objects.
+    // More details about the AccessEntry object in the BigQuery documentation:
+    // https://cloud.google.com/nodejs/docs/reference/bigquery/latest
+    console.log(
+      `${accessEntries.length} Access entries in dataset '${datasetId}':`
+    );
+    for (const accessEntry of accessEntries) {
+      console.log(`Role: ${accessEntry.role || 'null'}`);
+      console.log(`Special group: ${accessEntry.specialGroup || 'null'}`);
+      console.log(`User by Email: ${accessEntry.userByEmail || 'null'}`);
+    }
+
+    return accessEntries;
+  });
+  // [END bigquery_view_dataset_access_policy]
+}
+
+module.exports = {
+  viewDatasetAccessPolicy,
+};

bigquery/cloud-client/viewTableOrViewAccessPolicy.js

@@ -0,0 +1,68 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+/**
+ * View access policy for a BigQuery table or view.
+ *
+ * @param {string} projectId Google Cloud Platform project.
+ * @param {string} datasetId Dataset where the table or view is.
+ * @param {string} resourceName Table or view name to get the access policy.
+ * @returns {Promise<object>} The IAM policy object.
+ */
+async function viewTableOrViewAccessPolicy(projectId, datasetId, resourceName) {
+  // [START bigquery_view_table_or_view_access_policy]
+  const {BigQuery} = require('@google-cloud/bigquery');
+
+  // TODO(developer): Update and un-comment below lines.
+
+  // Google Cloud Platform project.
+  // projectId = "my_project_id";
+
+  // Dataset where the table or view is.
+  // datasetId = "my_dataset_id";
+
+  // Table or view name to get the access policy.
+  // resourceName = "my_table_name_id";
+
+  // Instantiate a client.
+  const client = new BigQuery();
+
+  // Get a reference to the dataset by datasetId.
+  const dataset = client.dataset(datasetId);
+  // Get a reference to the table by tableName.
+  const table = dataset.table(resourceName);
+
+  // Get the IAM access policy for the table or view.
+  const [policy] = await table.getIamPolicy();
+
+  // Initialize bindings array.
+  if (!policy.bindings) {
+    policy.bindings = [];
+  }
+
+  // Show policy details
+  // Find more details for the Policy object here:
+  // https://cloud.google.com/bigquery/docs/reference/rest/v2/Policy
+  console.log(`Access Policy details for table or view '${resourceName}'.`);
+  console.log(`Bindings: ${JSON.stringify(policy.bindings, null, 2)}`);
+  console.log(`etag: ${policy.etag}`);
+  console.log(`Version: ${policy.version}`);
+
+  // [END bigquery_view_table_or_view_access_policy]
+  return policy;
+}
+
+module.exports = viewTableOrViewAccessPolicy;