brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-08 21:34:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(snowflake): revise and expand

Browse Source
This commit is contained in:
Michele Cereda
2025-07-23 13:19:07 +02:00
parent 0b7730b295
commit 5fef81f13d
7 changed files with 735 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.vscode/settings.json vendored
View File

@@ -297,6 +297,7 @@
"roboto", "roboto",
"rocm", "rocm",
"roff", "roff",
"roleout",
"rootlv", "rootlv",
"rootvg", "rootvg",
"routable", "routable",

65
knowledge base/data warehouse.md Normal file
View File

@@ -0,0 +1,65 @@
# Data warehouse
Centralized repository that stores large amounts of data from various sources.<br/>
It possibly stores the data in structured and organized ways that are optimized for data analysis and generation of
reports and insights.
1. [TL;DR](#tldr)
1. [Further readings](#further-readings)
## TL;DR
Operational systems upload the data, which may require cleansing.
The two main workflows for data warehouse systems are:
- _Extract, Transform, Load_ (ETL).
- _Extract, Load, Transform_ (ELT).
<!-- Uncomment if used
<details>
<summary>Setup</summary>
```sh
```
</details>
-->
<!-- Uncomment if used
<details>
<summary>Usage</summary>
```sh
```
</details>
-->
<!-- Uncomment if used
<details>
<summary>Real world use cases</summary>
```sh
```
</details>
-->
## Further readings
- [What is a data warehouse?]
- [Snowflake]
<!--
Reference
═╬═Time══
-->
<!-- In-article sections -->
<!-- Knowledge base -->
[snowflake]: snowflake/README.md
<!-- Files -->
<!-- Others -->
[What is a data warehouse?]: https://www.ibm.com/think/topics/data-warehouse

186
knowledge base/snowflake.md
View File

@@ -1,186 +0,0 @@
# Snowflake
> TODO
Intro
<!-- Remove this line to uncomment if used
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Snowflake CLI](#snowflake-cli)
1. [RoleOut](#roleout)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
<details>
<summary>Setup</summary>
<details style='padding: 0 0 0 1rem'>
<summary>Linux (DEB)</summary>
```sh
# Install Snowflake's CLI.
# Get it from the [Snowflake CLI repository].
curl --continue-at '-' --location --fail --show-error --remote-name \
--url 'https://sfc-repo.snowflakecomputing.com/snowflake-cli/linux_aarch64/3.7.2/snowflake-cli-3.7.2.aarch64.deb' \
&& sudo dpkg -i 'snowflake-cli-3.7.2.aarch64.deb'
```
</details>
<details style='padding: 0 0 0 1rem'>
<summary>Linux (RPM)</summary>
```sh
# Install Snowflake's CLI.
# Get it from the [Snowflake CLI repository].
curl --continue-at '-' --location --fail --show-error --remote-name \
--url 'https://sfc-repo.snowflakecomputing.com/snowflake-cli/linux_aarch64/3.7.2/snowflake-cli-3.7.2.aarch64.rpm' \
&& sudo rpm -i 'snowflake-cli-3.7.2.rpm'
```
</details>
<details style='padding: 0 0 0 1rem'>
<summary>Mac OS X</summary>
```sh
# Install Snowflake's CLI.
brew install 'snowflake-cli'
# Install RoleOut's UI and CLI.
curl -C '-' -LfSO --url 'https://github.com/Snowflake-Labs/roleout/releases/download/v2.0.1/Roleout-2.0.1-arm64.dmg' \
&& sudo installer -pkg 'Roleout-2.0.1-arm64.dmg' -target '/' \
&& curl -C '-' -LfS --url 'https://github.com/Snowflake-Labs/roleout/releases/download/v2.0.1/roleout-cli-macos' \
--output "$HOME/bin/roleout-cli" \
&& chmod 'u+x' "$HOME/bin/roleout-cli" \
&& xattr -d 'com.apple.quarantine' "$HOME/bin/roleout-cli"
```
</details>
</details>
<details>
<summary>Usage</summary>
```sh
# Check it works.
snow --version
# Get help.
snow --help
snow helpers -h
# List configured connections to Snowflake.
snow connection list
# Add connections.
snow connection add
# Test connections.
snow connection test
snow connection test -c 'connection-name'
# Executes Snowflake queries.
snow sql
```
```sql
SHOW USERS;
SHOW USERS LIKE '%john%';
DESC USER zoe;
CREATE USER alice;
CREATE USER IF NOT EXISTS bob;
CREATE OR REPLACE USER claude
PASSWORD='somePassword' DISPLAY_NAME='Claude' EMAIL='claude@example.org'
LOGIN_NAME='CLAUDE@EXAMPLE.ORG' MUST_CHANGE_PASSWORD=TRUE;
GRANT ROLE someRole TO USER diane;
ALTER USER IF EXISTS elijah RESET PASSWORD;
ALTER USER fred SET DISABLE_MFA=TRUE;
ALTER USER greg SET MINS_TO_UNLOCK=0;
```
</details>
<!-- Uncomment if used
<details>
<summary>Real world use cases</summary>
```sh
```
</details>
-->
## Snowflake CLI
Refer [Snowflake CLI].
Meant to replace the SnowSQL tool.
Download from the [Snowflake CLI repository].
```sh
# Linux (DEB).
curl --continue-at '-' --location --fail --show-error --remote-name \
--url 'https://sfc-repo.snowflakecomputing.com/snowflake-cli/linux_aarch64/3.7.2/snowflake-cli-3.7.2.aarch64.deb' \
&& sudo dpkg -i 'snowflake-cli-3.7.2.aarch64.deb'
# Linux (RPM).
curl --continue-at '-' --location --fail --show-error --remote-name \
--url 'https://sfc-repo.snowflakecomputing.com/snowflake-cli/linux_aarch64/3.7.2/snowflake-cli-3.7.2.aarch64.rpm' \
&& sudo rpm -i 'snowflake-cli-3.7.2.rpm'
# Mac OS X.
# Via Homebrew.
brew install 'snowflake-cli'
# Via the [Snowflake CLI repository].
curl --continue-at '-' --location --fail --show-error --remote-name \
--url 'https://sfc-repo.snowflakecomputing.com/snowflake-cli/darwin_arm64/3.7.2/snowflake-cli-3.7.2-darwin-arm64.pkg' \
&& sudo installer -pkg 'snowflake-cli-3.7.2-darwin-arm64.pkg' -target '/' \
&& ln -swiv '/Applications/SnowflakeCLI.app/Contents/MacOS/snow' "$HOME/bin/snow"
```
## RoleOut
```sh
# Mac OS X.
curl -C '-' -LfSO --url 'https://github.com/Snowflake-Labs/roleout/releases/download/v2.0.1/Roleout-2.0.1-arm64.dmg' \
&& sudo installer -pkg 'Roleout-2.0.1-arm64.dmg' -target '/' \
&& curl -C '-' -LfS --url 'https://github.com/Snowflake-Labs/roleout/releases/download/v2.0.1/roleout-cli-macos' \
--output "$HOME/bin/roleout-cli" \
&& chmod 'u+x' "$HOME/bin/roleout-cli" \
&& xattr -d 'com.apple.quarantine' "$HOME/bin/roleout-cli"
```
## Further readings
- [Website]
### Sources
- [Documentation]
- [Snowflake CLI]
<!--
Reference
═╬═Time══
-->
<!-- In-article sections -->
<!-- Knowledge base -->
<!-- Files -->
<!-- Upstream -->
[documentation]: https://docs.snowflake.com/en/
[website]: https://www.snowflake.com/en/
[snowflake cli]: https://docs.snowflake.com/en/developer-guide/snowflake-cli/index
[snowflake cli repository]: https://sfc-repo.snowflakecomputing.com/snowflake-cli/index.html
<!-- Others -->

315
knowledge base/snowflake/README.md Normal file
View File

@@ -0,0 +1,315 @@
# Snowflake
Cloud-based [data warehousing][data warehouse] platform.
1. [TL;DR](#tldr)
1. [Roles](#roles)
1. [Users](#users)
1. [Virtual warehouses](#virtual-warehouses)
1. [Access with private keys](#access-with-private-keys)
1. [Snowflake CLI](#snowflake-cli)
1. [RoleOut](#roleout)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
Snowflake separates storage, compute and cloud services in different layers.
It:
- Runs completely on cloud infrastructure.
- Handles semi-structured data like JSON and Parquet.
- Stores persistent data in columnar format in cloud storage.<br/>
Customers cannot see nor access the data objects directly; they can only access them through SQL query operations.
- Copies data as Copy-on-Write virtual clones.
- Stores tables in memory in small chunks to enhance parallelization.
Each virtual warehouse is a dedicated MPP compute clusters. Each member handles a different part of a query.<br/>
Snowflake offers Virtual warehouses in different sizes at different prices (XS, S, M, L, XL, …, 6XL).
Billing depends on how long a warehouse runs continuously.<br/>
The total cost is the aggregate of the cost of using data transfer, storage, and compute resources.
Snowflake's system analyzes queries and identifies patterns to optimize using historical data. The results of frequently
executed queries is cached.
Administrators use Role-Based Access Control (RBAC) to define and manage user roles and permissions.
Accounts can connect to Snowflake via:
- Web UI.
- Command line clients.
- ODBC and JDBC drivers.
- Native connectors (e.g., Python or Spark).
- Third-party connectors.
<details>
<summary>Setup</summary>
<details style='padding: 0 0 0 1rem'>
<summary>Mac OS X</summary>
```sh
# Install RoleOut's UI and CLI.
curl -C '-' -LfSO --url 'https://github.com/Snowflake-Labs/roleout/releases/download/v2.0.1/Roleout-2.0.1-arm64.dmg' \
&& sudo installer -pkg 'Roleout-2.0.1-arm64.dmg' -target '/' \
&& curl -C '-' -LfS --url 'https://github.com/Snowflake-Labs/roleout/releases/download/v2.0.1/roleout-cli-macos' \
--output "$HOME/bin/roleout-cli" \
&& chmod 'u+x' "$HOME/bin/roleout-cli" \
&& xattr -d 'com.apple.quarantine' "$HOME/bin/roleout-cli"
```
</details>
</details>
<details>
<summary>Usage</summary>
```sql
-- List users
SHOW USERS;
SHOW USERS LIKE '%john%';
-- Get information about users
DESC USER zoe;
-- Create users
CREATE USER alice;
CREATE USER IF NOT EXISTS bob;
CREATE OR REPLACE USER claude
PASSWORD='somePassword' DISPLAY_NAME='Claude' EMAIL='claude@example.org'
LOGIN_NAME='CLAUDE@EXAMPLE.ORG' MUST_CHANGE_PASSWORD=TRUE;
-- Make changes to users
ALTER USER IF EXISTS elijah RESET PASSWORD;
ALTER USER fred SET DISABLE_MFA=TRUE;
ALTER USER greg SET MINS_TO_UNLOCK=0;
-- Delete users
DROP USER snowman;
-- List roles
SHOW ROLES;
SHOW ROLES LIKE '%DATA%';
-- Grant permissions
GRANT ROLE someRole TO USER diane;
GRANT USAGE ON WAREHOUSE COMPUTE_WH TO ROLE SYSADMIN;
-- Show permissions resources have
SHOW GRANTS TO USER CLAUDE;
-- Show permissions the current user has on resources
SHOW GRANTS ON USER CLAUDE;
-- FIXME
DROP DATABASE IF EXISTS sf_tuts;
DROP WAREHOUSE IF EXISTS sf_tuts_wh;
```
</details>
<!-- Uncomment if used
<details>
<summary>Real world use cases</summary>
```sh
```
</details>
-->
## Roles
Entities to which privileges on securable objects can be granted and revoked.<br/>
They are assigned to [users] to allow them to perform actions required for business functions in their organization
Snowflake accounts come with a set of system-defined roles:
- `GLOBALORGADMIN`: the organization administrator.<br/>
Manages the lifecycle of accounts and views organization-level usage information.<br/>
This role exists only in the organization account. Replaces `ORGADMIN`.
- `ACCOUNTADMIN`: the account administrator.<br/>
Encapsulates the `SYSADMIN` and `SECURITYADMIN` roles.<br/>
Top-level role in the system with access to every component. It should be granted only to a limited and controlled
number of users in the account.
- `SECURITYADMIN`: the security administrator.<br/>
Manages any object grant globally. Creates, monitors, and manages users and roles.
<details style='padding: 0 0 1rem 1rem'>
This role is granted `MANAGE GRANTS` privilege to be able to modify any grant, including revoking it.<br/>
It does **not**, though, give the `SECURITYADMIN` the ability to perform **other** actions like creating objects. To
do so, the role must **also** be granted the privileges needed for those actions.
It is also granted the `USERADMIN` role.
</details>
- `USERADMIN`: the user and role administrator.<br/>
Can create users and roles in the account. It also manages users and roles that it owns.
<details style='padding: 0 0 1rem 1rem'>
This role is granted the `CREATE USER` and `CREATE ROLE` privileges.
Only roles with the `OWNERSHIP` privilege on an object (user or role in this case), or a higher role, can modify an
object's properties.
</details>
- `SYSADMIN`: the system Administrator.<br/>
It has privileges to create warehouses, databases, and other objects in an account.
- `PUBLIC`: pseudo-role automatically granted by default to every user and every role in an account.<br/>
Can own securable objects, but they are, by definition, available to every other user and role in the account.<br/>
Typically used in cases where explicit access control is not needed.
```sql
-- List roles
SHOW ROLES;
SHOW ROLES LIKE '%DATA%';
-- Assume roles
USE ROLE SECURITYADMIN;
-- Grant permissions
GRANT ROLE FINANCIAL_CHIEF TO USER CLAUDE;
GRANT USAGE ON WAREHOUSE COMPUTE_WH TO ROLE SYSADMIN;
-- Show permissions users have
SHOW GRANTS TO USER CLAUDE;
-- Show permissions the current user has on other users
SHOW GRANTS ON USER CLAUDE;
```
## Users
Users can only be created by those with (or):
- The `USERADMIN` role or higher.
- Roles granting them the CREATE USER capability on the account.
Add users to the account executing a SQL Query by means of Snowflake's web UI found in the `Account` section.
```sql
-- List users
SHOW USERS;
SHOW USERS LIKE '%john%';
-- Get information about users
DESC USER zoe;
-- Create users
CREATE USER alice;
CREATE USER IF NOT EXISTS bob;
CREATE OR REPLACE USER claude
LOGIN_NAME='CLAUDE@EXAMPLE.ORG' DISPLAY_NAME='Claude' EMAIL='claude@example.org'
PASSWORD='somePassword' MUST_CHANGE_PASSWORD=TRUE;
```
Prefer setting a `DEFAULT_WAREHOUSE` and `DEFAULT_ROLE` for users, specially if they use non-Snowflake client tools.
Remember to `GRANT ROLE a=Access` after creating a user.<br/>
Snowflake does **not** offer access to a user's default role automatically. After a user is created, one **must**
provide that user access to its default role.<br/>
If a user can't access their default role, they won't be able to log in.
When using SSO:
- The users' LOGIN NAME must exactly match the email address used by one's Identity Provider.<br/>
Mismatches or fresh email addresses will result in a failed SSO attempt.
- Optionally remove the ability for a user to log in with a password by not specifying one in the creation command.<br/>
To give someone the ability to use a password later, simply modify that user's password and require them to change
it.<br/>
Setting up a password gives the user the option of selecting what method to use to login. This is required by tools
that do not support logging in via SSO.
## Virtual warehouses
Dedicated, independent clusters of compute resources in Snowflake.
They are required for queries and all DML operations, including loading data into tables.
Available in two types: _Standard_ or _Snowpark-optimized_.<br/>
Type aside, warehouses are defined by their size and those other properties that control and automate their activity.
Billing depends on how long the warehouse runs continuously.
Warehouses can be set to automatically resume or suspend, based on activity.<br/>
Auto-suspend and resume are both enabled by default.
## Access with private keys
Refer [Snowflake terraform provider authentication].
Procedure:
1. Generate a keypair.
```sh
openssl genrsa -out "$HOME/.ssh/snowflake_key" 4096
openssl rsa -in "$HOME/.ssh/snowflake_key" -pubout -out "$HOME/.ssh/snowflake_key.pub"
openssl pkcs8 -topk8 -inform 'pem' -in "$HOME/.ssh/snowflake_key" \
-outform 'PEM' -v2 aes-256-cbc -out "$HOME/.ssh/snowflake_key.p8"
```
1. Assign the key to your user in Snowflake.
```sql
ALTER USER jsmith SET RSA_PUBLIC_KEY='MIIBIjANBgkqh...';
```
1. Configure tools to use the key.
```sh
export SNOWFLAKE_PRIVATE_KEY="$(cat ~/.ssh/snowflake_key.p8)"
export SNOWFLAKE_PRIVATE_KEY_PATH="$HOME/.ssh/snowflake_key" SNOWFLAKE_PRIVATE_KEY_PASSPHRASE='somePassword'
snow connection add -n 'jwt' --authenticator 'SNOWFLAKE_JWT' --private-key-file "$HOME/.ssh/snowflake_key"
```
## Snowflake CLI
See [Snowflake CLI].
## RoleOut
Refer [RoleOut].
## Further readings
- [Website]
- [Documentation]
- [Data warehouse]
- [Snowflake CLI]
- [Roleout]
### Sources
- [Snowflake CREATE USERS: Syntax, Usage & Practical Examples]
- [Overview of Access Control]
<!--
Reference
═╬═Time══
-->
<!-- In-article sections -->
[users]: #users
<!-- Knowledge base -->
[Data warehouse]: ../data%20warehouse.md
[RoleOut]: roleout.md
[Snowflake CLI]: cli.md
<!-- Files -->
<!-- Upstream -->
[Documentation]: https://docs.snowflake.com/en/
[Overview of Access Control]: https://docs.snowflake.com/en/user-guide/security-access-control-overview
[Website]: https://www.snowflake.com/en/
<!-- Others -->
[Snowflake CREATE USERS: Syntax, Usage & Practical Examples]: https://hevodata.com/learn/snowflake-create-users/
[Snowflake terraform provider authentication]: https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest/docs#authentication

211
knowledge base/snowflake/cli.md Normal file
View File

@@ -0,0 +1,211 @@
# Snowflake CLI
Refer [Snowflake CLI].
Meant to replace the SnowSQL tool.
1. [TL;DR](#tldr)
1. [Setup](#setup)
1. [Usage](#usage)
1. [Further readings](#further-readings)
## TL;DR
<details>
<summary>Setup</summary>
```sh
# Using Homebrew
brew install 'snowflake-cli'
# Get it from the [Snowflake CLI repository]
curl --continue-at '-' --location --fail --show-error --remote-name \
--url 'https://sfc-repo.snowflakecomputing.com/snowflake-cli/linux_aarch64/3.7.2/snowflake-cli-3.7.2.aarch64.deb' \
&& sudo dpkg -i 'snowflake-cli-3.7.2.aarch64.deb'
curl --continue-at '-' --location --fail --show-error --remote-name \
--url 'https://sfc-repo.snowflakecomputing.com/snowflake-cli/linux_aarch64/3.7.2/snowflake-cli-3.7.2.aarch64.rpm' \
&& sudo rpm -i 'snowflake-cli-3.7.2.rpm'
```
</details>
<details>
<summary>Usage</summary>
```sh
# Check it works.
snow --version
# Get help.
snow --help
snow helpers -h
# List configured connections to Snowflake.
snow connection list
# Add connections.
snow connection add
# Test connections.
snow connection test
snow connection test -c 'connection-name'
# Executes Snowflake queries.
snow sql
```
</details>
<!-- Uncomment if used
<details>
<summary>Real world use cases</summary>
```sh
```
</details>
-->
## Setup
Install the package from the [Snowflake CLI repository].
<details style='padding: 0 0 1rem 1rem'>
```sh
# Linux
# DEB
curl --continue-at '-' --location --fail --show-error --remote-name \
--url 'https://sfc-repo.snowflakecomputing.com/snowflake-cli/linux_aarch64/3.7.2/snowflake-cli-3.7.2.aarch64.deb' \
&& sudo dpkg -i 'snowflake-cli-3.7.2.aarch64.deb'
# RPM
curl --continue-at '-' --location --fail --show-error --remote-name \
--url 'https://sfc-repo.snowflakecomputing.com/snowflake-cli/linux_aarch64/3.7.2/snowflake-cli-3.7.2.aarch64.rpm' \
&& sudo rpm -i 'snowflake-cli-3.7.2.rpm'
# Mac OS X
# Via Homebrew
brew install 'snowflake-cli'
# Via the [Snowflake CLI repository]
curl --continue-at '-' --location --fail --show-error --remote-name \
--url 'https://sfc-repo.snowflakecomputing.com/snowflake-cli/darwin_arm64/3.7.2/snowflake-cli-3.7.2-darwin-arm64.pkg' \
&& sudo installer -pkg 'snowflake-cli-3.7.2-darwin-arm64.pkg' -target '/' \
&& ln -swiv '/Applications/SnowflakeCLI.app/Contents/MacOS/snow' "$HOME/bin/snow"
```
</details>
Refer [Configuring Snowflake CLI] and [Managing Snowflake connections] for the configuration.
Snowflake CLI uses a global configuration file to configure connections and logs.<br/>
The CLI looks for:
- The file specified by the `--config-file` option.
- A `config.toml` file in the location specified by the `SNOWFLAKE_HOME` environment variable, if set.
- The `~/.snowflake/config.toml` file, if such directory exists.
- The `config.toml` file in the one of the following locations, based on one's operating system:
- Linux: `$XDG_CONFIG_HOME/snowflake/config.toml`.
- Windows: `%USERPROFILE%\AppData\Local\snowflake\config.toml`
- Mac OS X: `~/Library/Application Support/snowflake/config.toml`
If the global configuration file does not exist, running any `snow` command for the first time automatically creates an
empty `config.toml` file that one can then populate with the desired connections.
For MacOS and Linux systems, Snowflake CLI requires the configuration file to limit its file permissions to read and
write for the file owner only.
```sh
chown "$USER" "$HOME/.snowflake/config.toml"
chmod 'u=rw,go=' "$HOME/.snowflake/config.toml"
```
The configuration supports the following sections:
- `[connections]`, for defining and managing connections.
- `[logs]`, for configuring which types of messages are saved to log files.
A configuration file has the following structure:
```toml
[cli.logs]
save_logs = true
level = "info"
path = "/home/john/.snowflake/logs"
[connections.default]
account = "ABCDEFG-YZ01234"
user = "JDOE"
password = "SuperSecur3Pa$$word"
authenticator = "externalbrowser"
role = "PROD_SYSTEM_FR"
```
One can generate the basic settings for the TOML configuration file in Snowsight.
> [!important]
> Should a `connection.toml` file exist in the same directory as the global configuration file, Snowflake CLI will use
> the connections defined there instead of the ones in the global `config.toml` file.
One can also use environment variables to override parameter values defined in the configuration files.<br/>
Use the format `SNOWFLAKE_<config-section>_<variable>=<value>`, where:
- `<config_section>` is the name of a section in the configuration file, with periods (`.`) replaced with underscores
(`_`), e.g., `CLI_LOGS`.
- `<variable>` is the name of a variable defined in that section, e.g. `path`.
<details style='padding: 0 0 1rem 1rem'>
<summary>Examples</summary>
```sh
# Override the path parameter in the [cli.logs] section in the config.toml file
SNOWFLAKE_CLI_LOGS_PATH='/Users/jondoe/snowcli_logs' snow …
# Set the password for the 'myconnection' connection
SNOWFLAKE_CONNECTIONS_MYCONNECTION_PASSWORD='SomePassword'
# Set the default connection name
SNOWFLAKE_DEFAULT_CONNECTION_NAME='myconnection'
```
</details>
## Usage
```sh
# Add connections
snow connection add
snow --config-file 'my_config.toml' connection add \
-n 'myconnection2' --account 'myaccount2' --user 'jdoe2' --no-interactive
# List connections
snow connection list
# Test connections
snow connection test
snow --config-file='my_config.toml' connection test -c 'myconnection2' --enable-diag --diag-log-path "$HOME/report"
# Set the default connection
snow connection set-default 'myconnection2'
```
## Further readings
- [Snowflake]
<!--
Reference
═╬═Time══
-->
<!-- In-article sections -->
<!-- Knowledge base -->
[Snowflake]: README.md
<!-- Files -->
<!-- Upstream -->
[Configuring Snowflake CLI]: https://docs.snowflake.com/en/developer-guide/snowflake-cli/connecting/configure-cli
[Managing Snowflake connections]: https://docs.snowflake.com/en/developer-guide/snowflake-cli/connecting/configure-connections
[snowflake cli repository]: https://sfc-repo.snowflakecomputing.com/snowflake-cli/index.html
[snowflake cli]: https://docs.snowflake.com/en/developer-guide/snowflake-cli/index
<!-- Others -->

84
knowledge base/snowflake/roleout.md Normal file
View File

@@ -0,0 +1,84 @@
# RoleOut
Project trying to accelerate the design and deployment of Snowflake environments through Infrastructure as Code.
1. [TL;DR](#tldr)
1. [Further readings](#further-readings)
## TL;DR
Administrators define Snowflake resources in a YAML file. RoleOut then uses it to generate SQL or Terraform code for
deployment.
> [!important]
> The tool applies opinionated best practices.<br/>
> It also comes with its own naming convention, but it can be tweaked.
<details>
<summary>Setup</summary>
```sh
# Mac OS X
curl -C '-' -LfSO --url 'https://github.com/Snowflake-Labs/roleout/releases/download/v2.0.1/Roleout-2.0.1-arm64.dmg' \
&& sudo installer -pkg 'Roleout-2.0.1-arm64.dmg' -target '/' \
&& sudo xattr -r -d 'com.apple.quarantine' '/Applications/Roleout.app' \
&& curl -C '-' -LfS --url 'https://github.com/Snowflake-Labs/roleout/releases/download/v2.0.1/roleout-cli-macos' \
--output "$HOME/bin/roleout-cli" \
&& chmod 'u+x' "$HOME/bin/roleout-cli" \
&& xattr -d 'com.apple.quarantine' "$HOME/bin/roleout-cli"
# Configure access
export SNOWFLAKE_ACCOUNT='ab01234.eu-west-1' \
SNOWFLAKE_USER='DIANE' SNOWFLAKE_PRIVATE_KEY_PATH='some-private-key-path' \
SNOWFLAKE_WAREHOUSE='DEV_DIANE_WH' SNOWFLAKE_ROLE='ACCOUNTADMIN'
```
</details>
<details>
<summary>Usage</summary>
```sh
# Load objects from Snowflake
roleout-cli snowflake populateProject -o 'my_config.yml'
# Update existing configurations
roleout-cli snowflake populateProject -c 'my_config.yml' -o 'my_new_config.yml'
# Import existing objects that are defined in the configuration
roleout-cli terraform import -c 'my_config.yml'
# Just write the `terraform import` commands to a file instead of running them
roleout-cli terraform import -c 'my_config.yml' --output 'my_import_commands.sh'
```
</details>
<!-- Uncomment if used
<details>
<summary>Real world use cases</summary>
```sh
```
</details>
-->
## Further readings
- [Snowflake]
- [Codebase]
<!--
Reference
═╬═Time══
-->
<!-- In-article sections -->
<!-- Knowledge base -->
[Snowflake]: README.md
<!-- Files -->
<!-- Upstream -->
[Codebase]: https://github.com/Snowflake-Labs/roleout
<!-- Others -->

59
snippets/snowflake.fish
View File

@@ -1,6 +1,65 @@
#!/usr/bin/env fish #!/usr/bin/env fish
###
# Snowflake CLI
# ------------------
###
# Install
curl -C '-' -LfSO \ curl -C '-' -LfSO \
--url 'https://sfc-repo.snowflakecomputing.com/snowflake-cli/darwin_arm64/3.7.2/snowflake-cli-3.7.2-darwin-arm64.pkg' \ --url 'https://sfc-repo.snowflakecomputing.com/snowflake-cli/darwin_arm64/3.7.2/snowflake-cli-3.7.2-darwin-arm64.pkg' \
&& sudo installer -pkg 'snowflake-cli-3.7.2-darwin-arm64.pkg' -target '/' \ && sudo installer -pkg 'snowflake-cli-3.7.2-darwin-arm64.pkg' -target '/' \
&& ln -swiv '/Applications/SnowflakeCLI.app/Contents/MacOS/snow' "$HOME/bin/snow" && ln -swiv '/Applications/SnowflakeCLI.app/Contents/MacOS/snow' "$HOME/bin/snow"
# Show the configuration
cat "$HOME/Library/Application Support/snowflake/config.toml"
# Add connections
snow connection add
snow --config-file 'my_config.toml' connection add -n 'myconnection2' --account 'myaccount2' --user 'jdoe2' --no-interactive
# List connections
snow connection list
# Test connections
snow connection test
snow --config-file='my_config.toml' connection test -c 'myconnection2' --enable-diag --diag-log-path "$HOME/report"
# Set the default connection
snow connection set-default 'myconnection2'
# Execute SQL commands
snow sql
###
# Roleout
# ------------------
###
# Install
# Mac OS X
curl -C '-' -LfSO --url 'https://github.com/Snowflake-Labs/roleout/releases/download/v2.0.1/Roleout-2.0.1-arm64.dmg' \
&& sudo installer -pkg 'Roleout-2.0.1-arm64.dmg' -target '/' \
&& sudo xattr -r -d 'com.apple.quarantine' '/Applications/Roleout.app' \
&& curl -C '-' -LfS --url 'https://github.com/Snowflake-Labs/roleout/releases/download/v2.0.1/roleout-cli-macos' \
--output "$HOME/bin/roleout-cli" \
&& chmod 'u+x' "$HOME/bin/roleout-cli" \
&& xattr -d 'com.apple.quarantine' "$HOME/bin/roleout-cli"
# Configure access
export SNOWFLAKE_ACCOUNT='ab01234.eu-west-1' \
SNOWFLAKE_USER='DIANE' SNOWFLAKE_PRIVATE_KEY_PATH='some-private-key-path' \
SNOWFLAKE_WAREHOUSE='DEV_DIANE_WH' SNOWFLAKE_ROLE='ACCOUNTADMIN'
# Load objects from Snowflake
roleout-cli snowflake populateProject -o 'my_config.yml'
# Update existing configurations
roleout-cli snowflake populateProject -c 'my_config.yml' -o 'my_new_config.yml'
# Import existing objects that are defined in the configuration
roleout-cli terraform import -c 'my_config.yml'
# Just write the `terraform import` commands to a file instead of running them
roleout-cli terraform import -c 'my_config.yml' --output 'my_import_commands.sh'
roleout-cli terraform import -c 'my_config.yml' -o '/dev/stdout'