-
Notifications
You must be signed in to change notification settings - Fork 3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(ingest): add snowflake-beta source
- Loading branch information
1 parent
d8b2350
commit 6c04ed6
Showing
8 changed files
with
1,694 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,4 @@ | ||
| To get all metadata from Snowflake you need to use two plugins `snowflake` and `snowflake-usage`. Both of them are described in this page. These will require 2 separate recipes. We understand this is not ideal and we plan to make this easier in the future. | ||
|
|
||
|
|
||
| We encourage you to try out new `snowflake-beta` plugin as alternative to `snowflake` plugin and share feedback. `snowflake-beta` is much faster than `snowflake` for extracting metadata. Please note that, `snowflake-beta` plugin currently does not support stateful ingestion and column level profiling, unlike `snowflake` plugin. |
56 changes: 56 additions & 0 deletions
56
metadata-ingestion/docs/sources/snowflake/snowflake-beta.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| ### Prerequisites | ||
|
|
||
| In order to execute this source, your Snowflake user will need to have specific privileges granted to it for reading metadata | ||
| from your warehouse. | ||
|
|
||
| Snowflake system admin can follow this guide to create a DataHub-specific role, assign it the required privileges, and assign it to a new DataHub user by executing the following Snowflake commands from a user with the `ACCOUNTADMIN` role or `MANAGE GRANTS` privilege. | ||
|
|
||
| ```sql | ||
| create or replace role datahub_role; | ||
|
|
||
| // Grant access to a warehouse to run queries to view metadata | ||
| grant operate, usage on warehouse "<your-warehouse>" to role datahub_role; | ||
|
|
||
| // Grant access to view database and schema in which your tables/views exist | ||
| grant usage on DATABASE "<your-database>" to role datahub_role; | ||
| grant usage on all schemas in database "<your-database>" to role datahub_role; | ||
| grant usage on future schemas in database "<your-database>" to role datahub_role; | ||
|
|
||
| // If you are NOT using Snowflake Profiling feature: Grant references privileges to your tables and views | ||
| grant references on all tables in database "<your-database>" to role datahub_role; | ||
| grant references on future tables in database "<your-database>" to role datahub_role; | ||
| grant references on all external tables in database "<your-database>" to role datahub_role; | ||
| grant references on future external tables in database "<your-database>" to role datahub_role; | ||
| grant references on all views in database "<your-database>" to role datahub_role; | ||
| grant references on future views in database "<your-database>" to role datahub_role; | ||
|
|
||
| // If you ARE using Snowflake Profiling feature: Grant select privileges to your tables and views | ||
| grant select on all tables in database "<your-database>" to role datahub_role; | ||
| grant select on future tables in database "<your-database>" to role datahub_role; | ||
| grant select on all external tables in database "<your-database>" to role datahub_role; | ||
| grant select on future external tables in database "<your-database>" to role datahub_role; | ||
| grant select on all views in database "<your-database>" to role datahub_role; | ||
| grant select on future views in database "<your-database>" to role datahub_role; | ||
|
|
||
| // Create a new DataHub user and assign the DataHub role to it | ||
| create user datahub_user display_name = 'DataHub' password='' default_role = datahub_role default_warehouse = '<your-warehouse>'; | ||
|
|
||
| // Grant the datahub_role to the new DataHub user. | ||
| grant role datahub_role to user datahub_user; | ||
| ``` | ||
|
|
||
| The details of each granted privilege can be viewed in [snowflake docs](https://docs.snowflake.com/en/user-guide/security-access-control-privileges.html). A summarization of each privilege, and why it is required for this connector: | ||
| - `operate` is required on warehouse to execute queries | ||
| - `usage` is required for us to run queries using the warehouse | ||
| - `usage` on `database` and `schema` are required because without it tables and views inside them are not accessible. If an admin does the required grants on `table` but misses the grants on `schema` or the `database` in which the table/view exists then we will not be able to get metadata for the table/view. | ||
| - If metadata is required only on some schemas then you can grant the usage privilieges only on a particular schema like | ||
| ```sql | ||
| grant usage on schema "<your-database>"."<your-schema>" to role datahub_role; | ||
| ``` | ||
|
|
||
| This represents the bare minimum privileges required to extract databases, schemas, views, tables from Snowflake. | ||
|
|
||
| If you plan to enable extraction of table lineage, via the `include_table_lineage` config flag, you'll also need to grant access to the [Account Usage](https://docs.snowflake.com/en/sql-reference/account-usage.html) system tables, using which the DataHub source extracts information. This can be done by granting access to the `snowflake` database. | ||
| ```sql | ||
| grant imported privileges on database snowflake to role datahub_role; | ||
| ``` |
46 changes: 46 additions & 0 deletions
46
metadata-ingestion/docs/sources/snowflake/snowflake-beta_recipe.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| source: | ||
| type: snowflake-beta | ||
| config: | ||
|
|
||
| # This option is recommended to be used for the first time to ingest all lineage | ||
| ignore_start_time_lineage: true | ||
| # This is an alternative option to specify the start_time for lineage | ||
| # if you don't want to look back since beginning | ||
| start_time: '2022-03-01T00:00:00Z' | ||
|
|
||
| # Coordinates | ||
| account_id: "abc48144" | ||
| warehouse: "COMPUTE_WH" | ||
|
|
||
| # Credentials | ||
| username: "${SNOWFLAKE_USER}" | ||
| password: "${SNOWFLAKE_PASS}" | ||
| role: "datahub_role" | ||
|
|
||
| # Change these as per your database names. Remove to all all databases | ||
| database_pattern: | ||
| allow: | ||
| - "^ACCOUNTING_DB$" | ||
| - "^MARKETING_DB$" | ||
| schema_pattern: | ||
| deny: | ||
| - "information_schema.*" | ||
| table_pattern: | ||
| allow: | ||
| # If you want to ingest only few tables with name revenue and sales | ||
| - ".*revenue" | ||
| - ".*sales" | ||
|
|
||
| profiling: | ||
| # Change to false to disable profiling | ||
| enabled: true | ||
| profile_table_level_only: true | ||
| profile_pattern: | ||
| allow: | ||
| - 'ACCOUNTING_DB.*.*' | ||
| - 'MARKETING_DB.*.*' | ||
| deny: | ||
| - '.*information_schema.*' | ||
|
|
||
| sink: | ||
| # sink configs |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Empty file.
Oops, something went wrong.