feat(bigquery): Add samples for control access 3/3

bigquery/cloud-client/test/viewDatasetAccessPolicy.test.js

@@ -0,0 +1,70 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+const {beforeEach, afterEach, it, describe} = require('mocha');
+const assert = require('assert');
+const sinon = require('sinon');
+
+const {setupBeforeAll, cleanupResources} = require('./config');
+const {viewDatasetAccessPolicy} = require('../viewDatasetAccessPolicy');
+
+describe('viewDatasetAccessPolicy', () => {
+  let datasetId = null;
+
+  beforeEach(async () => {
+    const response = await setupBeforeAll();
+    datasetId = response.datasetId;
+
+    sinon.stub(console, 'log');
+    sinon.stub(console, 'error');
+  });
+
+  afterEach(async () => {
+    await cleanupResources(datasetId);
+    console.log.restore();
+    console.error.restore();
+  });
+
+  it('should view dataset access policies', async () => {
+    // Act: View the dataset access policy
+    await viewDatasetAccessPolicy(datasetId);
+
+    // Assert: Check that the initial message was logged
+    assert.strictEqual(
+      console.log.calledWith(
+        sinon.match(`Access entries in dataset '${datasetId}':`)
+      ),
+      true
+    );
+
+    // We're not checking the exact number of entries since that might vary,
+    // but we're making sure the appropriate logging format was followed
+    assert.ok(
+      console.log.calledWith(sinon.match(/Role:/)),
+      'Should log role information'
+    );
+
+    assert.ok(
+      console.log.calledWith(sinon.match(/Special group:/)),
+      'Should log special group information'
+    );
+
+    assert.ok(
+      console.log.calledWith(sinon.match(/User by Email:/)),
+      'Should log user by email information'
+    );
+  });
+});

bigquery/cloud-client/test/viewTableOrViewAccessPolicy.test.js

@@ -0,0 +1,71 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+const {describe, it, beforeEach, afterEach} = require('mocha');
+const assert = require('assert');
+const sinon = require('sinon');
+
+const {setupBeforeAll, cleanupResources} = require('./config');
+const {viewTableOrViewAccessPolicy} = require('../viewTableOrViewAccessPolicy');
+
+describe('viewTableOrViewAccessPolicy', () => {
+  let datasetId = null;
+  let tableId = null;
+  const projectId = process.env.GCLOUD_PROJECT;
+
+  beforeEach(async () => {
+    const response = await setupBeforeAll();
+    datasetId = response.datasetId;
+    tableId = response.tableId;
+
+    sinon.stub(console, 'log');
+    sinon.stub(console, 'error');
+  });
+
+  afterEach(async () => {
+    await cleanupResources(datasetId);
+    console.log.restore();
+    console.error.restore();
+  });
+
+  it('should view table access policies', async () => {
+    // View the table access policy
+    await viewTableOrViewAccessPolicy(projectId, datasetId, tableId);
+
+    // Check that the right messages were logged
+    assert.strictEqual(
+      console.log.calledWith(
+        `Access Policy details for table or view '${tableId}'.`
+      ),
+      true
+    );
+
+    assert.ok(
+      console.log.calledWith(sinon.match('Bindings:')),
+      'Should log bindings information'
+    );
+
+    assert.ok(
+      console.log.calledWith(sinon.match('etag:')),
+      'Should log etag information'
+    );
+
+    assert.ok(
+      console.log.calledWith(sinon.match('Version:')),
+      'Should log version information'
+    );
+  });
+});

bigquery/cloud-client/viewDatasetAccessPolicy.js

@@ -0,0 +1,52 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+async function main(datasetId) {
+  // [START bigquery_view_dataset_access_policy]
+
+  /**
+   * TODO(developer): Update and un-comment below lines
+   */
+  // const datasetId = "my_project_id.my_dataset";
+
+  const {BigQuery} = require('@google-cloud/bigquery');
+
+  // Instantiate a client.
+  const bigquery = new BigQuery();
+
+  async function viewDatasetAccessPolicy() {
+    const dataset = bigquery.dataset(datasetId);
+
+    const [metadata] = await dataset.getMetadata();
+    const accessEntries = metadata.access || [];
+
+    // Show the list of AccessEntry objects.
+    // More details about the AccessEntry object in the BigQuery documentation:
+    // https://cloud.google.com/nodejs/docs/reference/bigquery/latest
+    console.log(
+      `${accessEntries.length} Access entries in dataset '${datasetId}':`
+    );
+    for (const accessEntry of accessEntries) {
+      console.log(`Role: ${accessEntry.role || 'null'}`);
+      console.log(`Special group: ${accessEntry.specialGroup || 'null'}`);
+      console.log(`User by Email: ${accessEntry.userByEmail || 'null'}`);
+    }
+  }
+  // [END bigquery_view_dataset_access_policy]
+  await viewDatasetAccessPolicy();
+}
+
+exports.viewDatasetAccessPolicy = main;

bigquery/cloud-client/viewTableOrViewAccessPolicy.js

@@ -0,0 +1,56 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+async function main(projectId, datasetId, resourceName) {
+  // [START bigquery_view_table_or_view_access_policy]
+
+  /**
+   * TODO(developer): Update and un-comment below lines
+   */
+  // const projectId = "YOUR_PROJECT_ID"
+  // const datasetId = "YOUR_DATASET_ID"
+  // const resourceName = "YOUR_RESOURCE_NAME";
+
+  const {BigQuery} = require('@google-cloud/bigquery');
+
+  // Instantiate a client.
+  const client = new BigQuery();
+
+  async function viewTableOrViewAccessPolicy() {
+    const dataset = client.dataset(datasetId);
+    const table = dataset.table(resourceName);
+
+    // Get the IAM access policy for the table or view.
+    const [policy] = await table.getIamPolicy();
+
+    // Initialize bindings if they don't exist
+    if (!policy.bindings) {
+      policy.bindings = [];
+    }
+
+    // Show policy details.
+    // Find more details for the Policy object here:
+    // https://cloud.google.com/bigquery/docs/reference/rest/v2/Policy
+    console.log(`Access Policy details for table or view '${resourceName}'.`);
+    console.log(`Bindings: ${JSON.stringify(policy.bindings, null, 2)}`);
+    console.log(`etag: ${policy.etag}`);
+    console.log(`Version: ${policy.version}`);
+  }
+  // [END bigquery_view_table_or_view_access_policy]
+  await viewTableOrViewAccessPolicy();
+}
+
+exports.viewTableOrViewAccessPolicy = main;