constdatapolicy=require('@google-cloud/bigquery-datapolicies');const{DataPolicyServiceClient}=datapolicy.v2;constprotos=datapolicy.protos.google.cloud.bigquery.datapolicies.v2;const{status}=require('@grpc/grpc-js');constdataPolicyServiceClient=newDataPolicyServiceClient();/** * Creates a data policy to apply a data masking rule to a specific BigQuery table column. * This is a primary mechanism for implementing column-level security in BigQuery. * * @param {string} projectId The Google Cloud project ID (for example, 'example-project-id') * @param {string} location The Google Cloud location. Example: 'us' * @param {string} dataPolicyId The user-assigned ID of the data policy. Example: 'example-data-policy-id' */asyncfunctioncreateDataPolicy(projectId,location,dataPolicyId){constparent=`projects/${projectId}/locations/${location}`;constdataPolicy={dataPolicyType:protos.DataPolicy.DataPolicyType.DATA_MASKING_POLICY,dataMaskingPolicy:{predefinedExpression:protos.DataMaskingPolicy.PredefinedExpression.SHA256,},};constrequest={parent,dataPolicyId,dataPolicy,};try{const[response]=awaitdataPolicyServiceClient.createDataPolicy(request);console.log(`Successfully created data policy:${response.name}`);console.log(`Data policy ID:${response.dataPolicyId}`);console.log(`Data policy type:${response.dataPolicyType}`);if(response.dataMaskingPolicy){console.log(`Data masking expression:${response.dataMaskingPolicy.predefinedExpression}`,);}}catch(err){if(err.code===status.ALREADY_EXISTS){console.log(`Data policy '${dataPolicyId}' already exists in location '${location}' of project '${projectId}'.`,);console.log('Consider updating the existing data policy or using a different dataPolicyId.',);}else{console.error('Error creating data policy:',err.message);}}}

fromgoogle.api_coreimportexceptionsfromgoogle.cloudimportbigquery_datapolicies_v2client=bigquery_datapolicies_v2.DataPolicyServiceClient()defcreate_data_policy(project_id:str,location:str,data_policy_id:str)->None:"""Creates a data policy to apply a data masking rule to a specific BigQuery table column.    This is a primary mechanism for implementing column-level security in BigQuery.    Args:        project_id (str): The Google Cloud project ID.        location (str): The geographic location of the data policy (for example, "us-central1").        data_policy_id (str): The ID for the new data policy.    """parent=f"projects/{project_id}/locations/{location}"# Define the data masking policy.# Here, we specify a SHA-256 predefined expression for data masking.data_masking_policy=bigquery_datapolicies_v2.DataMaskingPolicy(predefined_expression=bigquery_datapolicies_v2.DataMaskingPolicy.PredefinedExpression.SHA256)# Create the DataPolicy object.# We set the type to DATA_MASKING_POLICY and assign the defined masking policy.data_policy=bigquery_datapolicies_v2.DataPolicy(data_policy_type=bigquery_datapolicies_v2.DataPolicy.DataPolicyType.DATA_MASKING_POLICY,data_masking_policy=data_masking_policy,)request=bigquery_datapolicies_v2.CreateDataPolicyRequest(parent=parent,data_policy_id=data_policy_id,data_policy=data_policy,)try:response=client.create_data_policy(request=request)print(f"Successfully created data policy:{response.name}")print(f"Data Policy ID:{response.data_policy_id}")print(f"Data Policy Type:{response.data_policy_type.name}")print("Data Masking Predefined Expression:"f"{response.data_masking_policy.predefined_expression.name}")exceptexceptions.AlreadyExistsase:print(f"Error: Data policy '{data_policy_id}' already exists in project"f" '{project_id}' in location '{location}'. Use a unique ID or"" update the existing policy if needed.")exceptexceptions.NotFoundase:print(f"Error: The specified project '{project_id}' or location '{location}'"" was not found or is inaccessible. Make sure the project ID and"" location are correct and you have the necessary permissions.")exceptExceptionase:print(f"An unexpected error occurred:{e}")

const{DataPolicyServiceClient}=require('@google-cloud/bigquery-datapolicies').v2;const{status}=require('@grpc/grpc-js');constclient=newDataPolicyServiceClient();/** * Gets a specific data policy from the BigQuery Data Policy API by its name. * * This sample demonstrates how to fetch the details of an existing data policy. * Data policies are used to define rules for data masking or row-level security * on BigQuery tables. * * @param {string} projectId The Google Cloud project ID (for example, 'example-project-id') * @param {string} [location='us'] The Google Cloud location of the data policy (For example, 'us', 'europe-west2'). * @param {string} [dataPolicyId='example-data-policy'] The ID of the data policy to retrieve. */asyncfunctiongetDataPolicy(projectId,location='us',dataPolicyId='example-data-policy',){constname=client.dataPolicyPath(projectId,location,dataPolicyId);constrequest={name,};try{const[dataPolicy]=awaitclient.getDataPolicy(request);console.log('Successfully retrieved data policy:');console.log(`  Name:${dataPolicy.name}`);console.log(`  Type:${dataPolicy.dataPolicyType}`);if(dataPolicy.dataMaskingPolicy){console.log(`  Data Masking Policy:${dataPolicy.dataMaskingPolicy.predefinedExpression||dataPolicy.dataMaskingPolicy.routine}`,);}if(dataPolicy.grantees &&dataPolicy.grantees.length >0){console.log(`  Grantees:${dataPolicy.grantees.join(', ')}`);}}catch(err){if(err.code===status.NOT_FOUND){console.error(`Error: Data policy '${dataPolicyId}' not found in location '${location}' for project '${projectId}'.`,);console.error('Make sure the data policy ID, project ID, and location are correct.',);}else{console.error('Error retrieving data policy:',err.message);}}}

fromgoogle.api_coreimportexceptionsfromgoogle.cloudimportbigquery_datapolicies_v2client=bigquery_datapolicies_v2.DataPolicyServiceClient()defget_data_policy(project_id:str,location:str,data_policy_id:str,)->None:"""Gets a specific data policy from the BigQuery Data Policy API by its name.    Args:        project_id: The Google Cloud project ID.        location: The geographic location of the data policy (for example, "us", "eu").        data_policy_id: The user-assigned ID of the data policy.    """client=bigquery_datapolicies_v2.DataPolicyServiceClient()data_policy_name=client.data_policy_path(project=project_id,location=location,data_policy=data_policy_id,)try:response=client.get_data_policy(name=data_policy_name)print(f"Successfully retrieved data policy:{response.name}")print(f"  Data Policy ID:{response.data_policy_id}")print(f"  Data Policy Type:{response.data_policy_type.name}")ifresponse.policy_tag:print(f"  Policy Tag:{response.policy_tag}")ifresponse.grantees:print(f"  Grantees:{', '.join(response.grantees)}")ifresponse.data_masking_policy:masking_policy=response.data_masking_policyifmasking_policy.predefined_expression:print(f"  Data Masking Predefined Expression:{masking_policy.predefined_expression.name}")elifmasking_policy.routine:print(f"  Data Masking Routine:{masking_policy.routine}")exceptexceptions.NotFound:print(f"Error: Data policy '{data_policy_name}' not found.")print("Make sure the data policy ID, project ID, and location are correct.")exceptExceptionase:print(f"An unexpected error occurred:{e}")

const{DataPolicyServiceClient}=require('@google-cloud/bigquery-datapolicies').v2;const{status}=require('@grpc/grpc-js');constclient=newDataPolicyServiceClient();/** * Get the IAM policy for a specified data policy resource from the BigQuery Data Policy API. * This is useful for auditing which members have which roles on the policy. * * * @param {string} projectId Google Cloud Project ID (For example, 'example-project-id') * @param {string} location Google Cloud Location (For example, 'us-central1') * @param {string} dataPolicyId The ID of the data policy (For example, 'example-data-policy-id') */asyncfunctiongetIamPolicy(projectId,location,dataPolicyId){constresourceName=client.dataPolicyPath(projectId,location,dataPolicyId);constrequest={resource:resourceName,};try{const[policy]=awaitclient.getIamPolicy(request);console.log('Successfully retrieved IAM policy for data policy %s:',resourceName,);console.log(JSON.stringify(policy,null,2));}catch(err){if(err.code===status.NOT_FOUND){console.error(`Error: Data Policy '${dataPolicyId}' not found in location '${location}' of project '${projectId}'. `+'Make sure the data policy exists and the resource name is correct.',);}else{console.error(`Error getting IAM policy for data policy '${dataPolicyId}':`,err,);}}}

fromgoogle.api_coreimportexceptionsfromgoogle.cloudimportbigquery_datapolicies_v2fromgoogle.iam.v1importiam_policy_pb2client=bigquery_datapolicies_v2.DataPolicyServiceClient()defget_data_policy_iam_policy(project_id:str,location:str,data_policy_id:str,)->None:"""Get the IAM policy for a specified data policy resource from the BigQuery Data Policy API.    This is useful for auditing which members have which roles on the policy.    Args:        project_id: The Google Cloud project ID.        location: The geographic location of the data policy (for example, "us").        data_policy_id: The ID of the data policy.    """resource_name=client.data_policy_path(project=project_id,location=location,data_policy=data_policy_id,)request=iam_policy_pb2.GetIamPolicyRequest(resource=resource_name)try:policy=client.get_iam_policy(request=request)print(f"Successfully retrieved IAM policy for data policy:{resource_name}")print("Policy Version:",policy.version)ifpolicy.bindings:print("Policy Bindings:")forbindinginpolicy.bindings:print(f"  Role:{binding.role}")print(f"  Members:{', '.join(binding.members)}")ifbinding.condition.expression:print(f"  Condition:{binding.condition.expression}")else:print("No bindings found in the policy.")exceptexceptions.NotFound:print(f"Error: Data policy '{resource_name}' not found.")print("Make sure the project ID, location, and data policy ID are correct.")exceptexceptions.GoogleAPIErrorase:print(f"An API error occurred:{e}")exceptExceptionase:print(f"An unexpected error occurred:{e}")

const{DataPolicyServiceClient}=require('@google-cloud/bigquery-datapolicies').v2;const{status}=require('@grpc/grpc-js');constclient=newDataPolicyServiceClient();/** * Lists all data policies in a given project and location. * * Data policies define rules for data masking, row-level security, or column-level security. * * @param {string} projectId The Google Cloud project ID. (for example, 'example-project-id') * @param {string} location The Google Cloud location of the data policies. (For example, 'us') */asyncfunctionlistDataPolicies(projectId,location){constparent=`projects/${projectId}/locations/${location}`;constrequest={parent,};try{console.log(`Listing data policies for project:${projectId} in location:${location}`,);const[dataPolicies]=awaitclient.listDataPolicies(request);if(dataPolicies.length===0){console.log(`No data policies found in location${location} for project${projectId}.`,);return;}console.log('Data Policies:');for(constdataPolicyofdataPolicies){console.log(`  Data Policy Name:${dataPolicy.name}`);console.log(`    ID:${dataPolicy.dataPolicyId}`);console.log(`    Type:${dataPolicy.dataPolicyType}`);if(dataPolicy.policyTag){console.log(`    Policy Tag:${dataPolicy.policyTag}`);}if(dataPolicy.grantees &&dataPolicy.grantees.length >0){console.log(`    Grantees:${dataPolicy.grantees.join(', ')}`);}if(dataPolicy.dataMaskingPolicy){if(dataPolicy.dataMaskingPolicy.predefinedExpression){console.log(`    Data Masking Predefined Expression:${dataPolicy.dataMaskingPolicy.predefinedExpression}`,);}elseif(dataPolicy.dataMaskingPolicy.routine){console.log(`    Data Masking Routine:${dataPolicy.dataMaskingPolicy.routine}`,);}}}console.log(`Successfully listed${dataPolicies.length} data policies.`);}catch(err){if(err.code===status.NOT_FOUND){console.error(`Error: The project or location '${location}' for project '${projectId}' was not found. `+'Make sure the project ID and location are correct and that the BigQuery Data Policy API is enabled.',);}elseif(err.code===status.PERMISSION_DENIED){console.error(`Error: Permission denied when listing data policies for project '${projectId}' in location '${location}'. `+'Make sure the authenticated account has the necessary permissions (For example, bigquery.datapolicies.list).',);}else{console.error(`Error listing data policies:${err.message}`);}}}

importgoogle.api_core.exceptionsfromgoogle.cloudimportbigquery_datapolicies_v2client=bigquery_datapolicies_v2.DataPolicyServiceClient()deflist_data_policies(project_id:str,location:str)->None:"""Lists all data policies in a specified project.    Args:        project_id: The Google Cloud project ID.        location: The geographic location of the data policies (for example, "us", "us-central1").    """parent=f"projects/{project_id}/locations/{location}"try:request=bigquery_datapolicies_v2.ListDataPoliciesRequest(parent=parent)print(f"Listing data policies for project '{project_id}' in location '{location}':")page_result=client.list_data_policies(request=request)found_policies=Falsefordata_policyinpage_result:found_policies=Trueprint(f"  Data Policy Name:{data_policy.name}")print(f"  Data Policy ID:{data_policy.data_policy_id}")print(f"  Data Policy Type:{data_policy.data_policy_type.name}")ifdata_policy.policy_tag:print(f"  Policy Tag:{data_policy.policy_tag}")ifdata_policy.grantees:print(f"  Grantees:{', '.join(data_policy.grantees)}")print("-"*20)ifnotfound_policies:print("No data policies found.")exceptgoogle.api_core.exceptions.NotFoundase:print(f"Error: The specified project or location was not found or accessible.")print(f"Details:{e}")print("Make sure the project ID and location are correct and you have the necessary permissions.")exceptExceptionase:print(f"An unexpected error occurred:{e}")

constdatapolicy=require('@google-cloud/bigquery-datapolicies');const{DataPolicyServiceClient}=datapolicy.v2;constprotos=datapolicy.protos.google.cloud.bigquery.datapolicies.v2;const{status}=require('@grpc/grpc-js');constclient=newDataPolicyServiceClient();/** * Updates the data masking configuration of an existing data policy. * This example demonstrates how to use a FieldMask to selectively update the * `data_masking_policy` (for example, changing the masking expression from * ALWAYS_NULL to SHA256) without affecting other fields or recreating the policy. * * @param {string} projectId The Google Cloud project ID (For example, 'example-project-id'). * @param {string} location The location of the data policy (For example, 'us'). * @param {string} dataPolicyId The ID of the data policy to update (For example, 'example-data-policy-id'). */asyncfunctionupdateDataPolicy(projectId,location,dataPolicyId){constresourceName=client.dataPolicyPath(projectId,location,dataPolicyId);constgetRequest={name:resourceName,};try{// To prevent race conditions, use the policy's etag in the update.const[currentDataPolicy]=awaitclient.getDataPolicy(getRequest);constcurrentETag=currentDataPolicy.etag;// This example transitions a masking rule from ALWAYS_NULL to SHA256.constdataPolicy={name:resourceName,etag:currentETag,dataMaskingPolicy:{predefinedExpression:protos.DataMaskingPolicy.PredefinedExpression.SHA256,},};// Use a field mask to selectively update only the data masking policy.constupdateMask={paths:['data_masking_policy'],};constrequest={dataPolicy,updateMask,};const[response]=awaitclient.updateDataPolicy(request);console.log(`Successfully updated data policy:${response.name}`);console.log(`New masking expression:${response.dataMaskingPolicy.predefinedExpression}`);}catch(err){if(err.code===status.NOT_FOUND){console.error(`Error: Data policy '${resourceName}' not found. `+'Make sure the data policy exists and the project, location, and data policy ID are correct.');}else{console.error('Error updating data policy:',err.message,err);}}}

fromgoogle.api_coreimportexceptionsfromgoogle.cloudimportbigquery_datapolicies_v2fromgoogle.protobufimportfield_mask_pb2client=bigquery_datapolicies_v2.DataPolicyServiceClient()defupdate_data_policy(project_id:str,location:str,data_policy_id:str)->None:"""Updates the data masking configuration of an existing data policy.    This example demonstrates how to use a FieldMask to selectively update the    `data_masking_policy` (for example, changing the masking expression from    ALWAYS_NULL to SHA256) without affecting other fields or recreating the policy.    Args:        project_id: The Google Cloud project ID.        location: The geographic location (for example, "us") of the data policy.        data_policy_id: The ID of the data policy to update.    """data_policy_name=client.data_policy_path(project=project_id,location=location,data_policy=data_policy_id,)# To prevent race conditions, use the policy's etag in the update.existing_policy=client.get_data_policy(name=data_policy_name)# This example transitions a masking rule from ALWAYS_NULL to SHA256.updated_data_policy=bigquery_datapolicies_v2.DataPolicy(name=data_policy_name,data_masking_policy=bigquery_datapolicies_v2.DataMaskingPolicy(predefined_expression=bigquery_datapolicies_v2.DataMaskingPolicy.PredefinedExpression.SHA256),etag=existing_policy.etag,)# Use a field mask to selectively update only the data masking policy.update_mask=field_mask_pb2.FieldMask(paths=["data_masking_policy"])request=bigquery_datapolicies_v2.UpdateDataPolicyRequest(data_policy=updated_data_policy,update_mask=update_mask,)try:response=client.update_data_policy(request=request)print(f"Successfully updated data policy:{response.name}")print(f"New data policy type:{response.data_policy_type.name}")ifresponse.data_masking_policy:print(f"New masking expression:{response.data_masking_policy.predefined_expression.name}")exceptexceptions.NotFound:print(f"Error: Data policy '{data_policy_name}' not found.")print("Make sure the data policy ID and location are correct.")exceptExceptionase:print(f"An unexpected error occurred:{e}")

const{DataPolicyServiceClient}=require('@google-cloud/bigquery-datapolicies').v2;const{status}=require('@grpc/grpc-js');constclient=newDataPolicyServiceClient();/** * Deletes a data policy from the BigQuery Data Policy API, which is identified by its project ID, location, and data policy ID. * * @param {string} projectId The Google Cloud project ID. * @param {string} location The Google Cloud location (For example, 'us'). * @param {string} dataPolicyId The ID of the data policy to delete (For example, 'example-data-policy'). */asyncfunctiondeleteDataPolicy(projectId,location,dataPolicyId){constname=client.dataPolicyPath(projectId,location,dataPolicyId);constrequest={name,};try{awaitclient.deleteDataPolicy(request);console.log(`Successfully deleted data policy:${name}`);}catch(err){if(err.code===status.NOT_FOUND){console.error(`Data policy${name} not found. Make sure the data policy ID and location are correct.`,);}else{console.error(`Error deleting data policy${name}:`,err.message);}}}

fromgoogle.api_coreimportexceptionsascore_exceptionsfromgoogle.cloudimportbigquery_datapolicies_v2client=bigquery_datapolicies_v2.DataPolicyServiceClient()defdelete_data_policy(project_id:str,location:str,data_policy_id:str)->None:"""Deletes a data policy from the BigQuery Data Policy APIs.    Args:        project_id: The Google Cloud project ID.        location: The location of the data policy (for example, "us").        data_policy_id: The ID of the data policy to delete.    """name=client.data_policy_path(project=project_id,location=location,data_policy=data_policy_id)try:client.delete_data_policy(name=name)print(f"Successfully deleted data policy:{name}")exceptcore_exceptions.NotFound:print(f"Data policy '{name}' not found. It may have already been deleted.")exceptExceptionase:print(f"Error deleting data policy '{name}':{e}")