Snowflake Orchestrator
Professional Enterprise
Image | $DATAOPS_SNOWFLAKE_RUNNER_IMAGE |
---|
The Snowflake orchestrator runs ad-hoc SQL statements against a Snowflake database. It handles the database connection and the SQL statement execution using credentials stored in the DataOps Vault.
Using this orchestrator, you can execute SQL statements either directly through the environment variables or by using the dataops-snowsql
command-line tool.
Usage
A typical use case for this orchestrator is to connect to Snowflake and retrieve contextual information from the database or trigger additional actions during pipeline execution.
For instance, the following example illustrates how you can use this orchestrator to emit information about the current account, database, schema, connected user, role, and additionally available roles to the user.
- Run SQL Statement Using Variables
- Run SQL Statement Using dataops-snowsql
Direct SQL:
image: $DATAOPS_SNOWFLAKE_RUNNER_IMAGE
extends:
- .agent_tag
stage: "Snowflake Actions"
variables:
DATAOPS_SNOWSQL_USER: DATAOPS_VAULT(SNOWFLAKE.SOLE.USERNAME)
DATAOPS_SNOWSQL_PASSWORD: DATAOPS_VAULT(SNOWFLAKE.SOLE.PASSWORD)
DATAOPS_SNOWSQL_ACCOUNT: DATAOPS_VAULT(SNOWFLAKE.SOLE.ACCOUNT)
DATAOPS_SNOWSQL_ROLE: DATAOPS_VAULT(SNOWFLAKE.SOLE.ROLE)
DATAOPS_SNOWSQL_WAREHOUSE: DATAOPS_VAULT(SNOWFLAKE.TRANSFORM.WAREHOUSE)
DATAOPS_SNOWSQL_FORMAT: psql
DATAOPS_RUN_SQL: select current_region(), current_account(), current_database(), current_schema(), current_user(), current_role(), current_available_roles();
script:
- /dataops
icon: ${SNOWFLAKE_ICON}
Direct SQL:
image: $DATAOPS_SNOWFLAKE_RUNNER_IMAGE
extends:
- .agent_tag
stage: "Snowflake Actions"
variables:
SNOWSQL_USERNAME: DATAOPS_VAULT(SNOWFLAKE.SOLE.USERNAME)
SNOWSQL_PWD: DATAOPS_VAULT(SNOWFLAKE.SOLE.PASSWORD)
SNOWSQL_ACCOUNT: DATAOPS_VAULT(SNOWFLAKE.SOLE.ACCOUNT)
SNOWSQL_ROLE: DATAOPS_VAULT(SNOWFLAKE.SOLE.ROLE)
SNOWSQL_WAREHOUSE: DATAOPS_VAULT(SNOWFLAKE.TRANSFORM.WAREHOUSE)
DATAOPS_SOURCE_FILE: $CI_PROJECT_DIR/env.sh
script:
- /dataops
- source $DATAOPS_SOURCE_FILE
# emit information about the connected user, role, etc
- dataops-snowsql -u $SNOWSQL_USERNAME -p "$SNOWSQL_PWD" -a $SNOWSQL_ACCOUNT -r $SNOWSQL_ROLE -w $SNOWSQL_WAREHOUSE -f psql "select current_region(), current_account(), current_database(), current_schema(), current_user(), current_role(), current_available_roles();"
icon: ${SNOWFLAKE_ICON}
Another use case is to provide to a .sql
file path as a parameter, for example, scripts/example_script.sql
. The orchestrator accesses the file and executes all the commands listed in the file. This is particularly useful when you want to execute multiple consecutive SQL commands in a single run or have a multiline SQL command that you want to maintain in a separate .sql
file.
- Run SQL File Using Variables
- Run SQL File Using dataops-snowsql
Direct SQL:
extends:
- .agent_tag
stage: "Additional Configuration"
image: $DATAOPS_SNOWFLAKE_RUNNER_IMAGE
variables:
DATAOPS_SNOWSQL_USER: DATAOPS_VAULT(SNOWFLAKE.SOLE.USERNAME)
DATAOPS_SNOWSQL_PASSWORD: DATAOPS_VAULT(SNOWFLAKE.SOLE.PASSWORD)
DATAOPS_SNOWSQL_ACCOUNT: DATAOPS_VAULT(SNOWFLAKE.SOLE.ACCOUNT)
DATAOPS_SNOWSQL_ROLE: DATAOPS_VAULT(SNOWFLAKE.SOLE.ROLE)
DATAOPS_SNOWSQL_WAREHOUSE: DATAOPS_VAULT(SNOWFLAKE.TRANSFORM.WAREHOUSE)
DATAOPS_RUN_SQL: $CI_PROJECT_DIR/scripts/example_script.sql
script:
- /dataops
icon: ${SNOWFLAKE_ICON}
Direct SQL:
extends:
- .agent_tag
stage: "Additional Configuration"
image: $DATAOPS_SNOWFLAKE_RUNNER_IMAGE
variables:
SNOWSQL_USERNAME: DATAOPS_VAULT(SNOWFLAKE.SOLE.USERNAME)
SNOWSQL_PWD: DATAOPS_VAULT(SNOWFLAKE.SOLE.PASSWORD)
SNOWSQL_ACCOUNT: DATAOPS_VAULT(SNOWFLAKE.SOLE.ACCOUNT)
SNOWSQL_ROLE: DATAOPS_VAULT(SNOWFLAKE.SOLE.ROLE)
SNOWSQL_WAREHOUSE: DATAOPS_VAULT(SNOWFLAKE.TRANSFORM.WAREHOUSE)
DATAOPS_SOURCE_FILE: $CI_PROJECT_DIR/env.sh
DATAOPS_RUN_SQL_SCRIPT: $CI_PROJECT_DIR/scripts/example_script.sql
script:
- /dataops
- source $DATAOPS_SOURCE_FILE
- echo DATAOPS_RUN_SQL_SCRIPT
- dataops-snowsql -u $SNOWSQL_USERNAME -p "$SNOWSQL_PWD" -a $SNOWSQL_ACCOUNT -r $SNOWSQL_ROLE -w $SNOWSQL_WAREHOUSE "$DATAOPS_RUN_SQL_SCRIPT"
icon: ${SNOWFLAKE_ICON}
dataops-snowsql
command-line arguments
In this context, it is essential to note that the dataops-snowsql
script has the following command-line arguments:
$ dataops-snowsql --help
usage: dataops-snowsql [-h] [-a ACCOUNT] [-u USER] [-p PASSWORD] [-k KEY_PAIR]
[--passphrase PASSPHRASE] [--auth {KEY_PAIR,PASSWORD}]
[-r ROLE] [-w WAREHOUSE] [-d DATABASE] [-s SCHEMA]
[-f {table,yaml,psql,csv,json,expanded,fancy_grid,grid,html,latex,latex_booktabs,mediawiki,orgtbl,pipe,plain,rst,simple,tsv}]
[-o OUTFILE] [--transaction]
[sql]
Run a SQL query against Snowflake and return the results.
positional arguments:
sql SQL statement to execute (or set DATAOPS_RUN_SQL or
pipe to stdin)
optional arguments:
-h, --help show this help message and exit
-a ACCOUNT, --account ACCOUNT
Snowflake account, e.g. acme123.eu-west-2.aws (or set
DATAOPS_SNOWSQL_ACCOUNT)
-u USER, --user USER Snowflake username (or set DATAOPS_SNOWSQL_USER)
-p PASSWORD, --password PASSWORD
Snowflake password (or set DATAOPS_SNOWSQL_PASSWORD)
-k KEY_PAIR, --key_pair KEY_PAIR
Snowflake Key-Pair file path (or set
DATAOPS_SNOWFLAKE_KEY_PAIR_PATH)
--passphrase PASSPHRASE
Passphrase for Authentication using Key-Pair (or set
DATAOPS_SNOWFLAKE_PASSPHRASE)
--auth {KEY_PAIR,PASSWORD}
Authentication method for Snowflake (or set
DATAOPS_SNOWFLAKE_AUTH)
-r ROLE, --role ROLE Snowflake role (or set DATAOPS_SNOWSQL_ROLE)
-w WAREHOUSE, --warehouse WAREHOUSE
Snowflake warehouse (or set DATAOPS_SNOWSQL_WAREHOUSE)
-d DATABASE, --database DATABASE
Snowflake database (or set DATAOPS_SNOWSQL_DATABASE)
-s SCHEMA, --schema SCHEMA
Snowflake schema (or set DATAOPS_SNOWSQL_SCHEMA)
-f {table,yaml,psql,csv,json,expanded,fancy_grid,grid,html,latex,latex_booktabs,mediawiki,orgtbl,pipe,plain,rst,simple,tsv}, --format {table,yaml,psql,csv,json,expanded,fancy_grid,grid,html,latex,latex_booktabs,mediawiki,orgtbl,pipe,plain,rst,simple,tsv}
Display/output format for the results (or set
DATAOPS_SNOWSQL_FORMAT)
-o OUTFILE, --outfile OUTFILE
Save the results to this file (or set
DATAOPS_SNOWSQL_OUTFILE, otherwise stdout)
--transaction Execute SQL queries in a transaction (or set
DATAOPS_SNOWSQL_TRANSACTION)
To enable DEBUG
level logging, set the variables job variable DATAOPS_DEBUG
to true. The additional debug output will be sent to the OUTFILE file specified with the -o
command line argument.
Example jobs
Retrieving the pipeline database's DDL
This example illustrates how to retrieve the executing DataOps pipeline's Snowflake database's DDL script and store it as an artifact attached to the job.
Typically, this DDL script's name is similar to DATAOPS_PROD-123456.sql
if the executing pipeline is a production-environment pipeline.
- Run SQL File Using Variables
- Run SQL File Using dataops-snowsql
Direct SQL:
image: $DATAOPS_SNOWFLAKE_RUNNER_IMAGE
extends:
- .agent_tag
stage: "Snowflake Actions"
variables:
DATAOPS_SNOWSQL_USER: DATAOPS_VAULT(SNOWFLAKE.SOLE.USERNAME)
DATAOPS_SNOWSQL_PASSWORD: DATAOPS_VAULT(SNOWFLAKE.SOLE.PASSWORD)
DATAOPS_SNOWSQL_ACCOUNT: DATAOPS_VAULT(SNOWFLAKE.SOLE.ACCOUNT)
DATAOPS_SNOWSQL_ROLE: DATAOPS_VAULT(SNOWFLAKE.SOLE.ROLE)
DATAOPS_SNOWSQL_WAREHOUSE: DATAOPS_VAULT(SNOWFLAKE.TRANSFORM.WAREHOUSE)
DATAOPS_SNOWSQL_FORMAT: psql
DATAOPS_SNOWSQL_OUTFILE: ${DATAOPS_DATABASE}-${CI_PIPELINE_ID}.sql
DATAOPS_RUN_SQL: select get_ddl('database', '${DATAOPS_DATABASE}');
script:
- /dataops
icon: ${SNOWFLAKE_ICON}
artifacts:
name: ${DATAOPS_DATABASE} DDL
paths:
- ${DATAOPS_DATABASE}-${CI_PIPELINE_ID}.sql
Direct SQL:
image: $DATAOPS_SNOWFLAKE_RUNNER_IMAGE
extends:
- .agent_tag
stage: "Snowflake Actions"
variables:
SNOWSQL_USERNAME: DATAOPS_VAULT(SNOWFLAKE.SOLE.USERNAME)
SNOWSQL_PWD: DATAOPS_VAULT(SNOWFLAKE.SOLE.PASSWORD)
SNOWSQL_ACCOUNT: DATAOPS_VAULT(SNOWFLAKE.SOLE.ACCOUNT)
SNOWSQL_ROLE: DATAOPS_VAULT(SNOWFLAKE.SOLE.ROLE)
SNOWSQL_WAREHOUSE: DATAOPS_VAULT(SNOWFLAKE.TRANSFORM.WAREHOUSE)
DATAOPS_SOURCE_FILE: $CI_PROJECT_DIR/env.sh
script:
- /dataops
- source $DATAOPS_SOURCE_FILE
- dataops-snowsql -u $SNOWSQL_USERNAME -p "$SNOWSQL_PWD" -a $SNOWSQL_ACCOUNT -r $SNOWSQL_ROLE -w $SNOWSQL_WAREHOUSE -f table -o ${DATAOPS_DATABASE}-${CI_PIPELINE_ID}.sql "select get_ddl('database', '${DATAOPS_DATABASE}');"
icon: ${SNOWFLAKE_ICON}
artifacts:
name: ${DATAOPS_DATABASE} DDL
paths:
- ${DATAOPS_DATABASE}-${CI_PIPELINE_ID}.sql
Using key-pair authentication
Before using key-pair authentication in the Snowflake orchestrator, you need to have a private and public key pair configured first. To do this, follow the instructions in the key-pair authentication guide.
After configuring the keys, you can refer to the example below to run SQL statements against a Snowflake database using key-pair authentication.
- Key-pair authentication without Passphrase
- Key-pair authentication with Passphrase
Run SQL using key-pair authentication:
extends:
- .agent_tag
image: $DATAOPS_SNOWFLAKE_RUNNER_IMAGE
icon: ${SNOWFLAKE_ICON}
stage: "Snowflake Actions"
variables:
DATAOPS_SNOWSQL_ACCOUNT: DATAOPS_VAULT(SNOWFLAKE.ACCOUNT)
DATAOPS_SNOWSQL_WAREHOUSE: DATAOPS_VAULT(SNOWFLAKE.WAREHOUSE)
DATAOPS_SNOWSQL_ROLE: DATAOPS_VAULT(SNOWFLAKE.ROLE)
DATAOPS_SNOWSQL_USER: DATAOPS_VAULT(SNOWFLAKE.USER)
DATAOPS_SNOWFLAKE_AUTH: KEY_PAIR
DATAOPS_SNOWFLAKE_KEY_PAIR: DATAOPS_VAULT(SNOWFLAKE.PKEY)
DATAOPS_RUN_SQL: $CI_PROJECT_DIR/sql/test_query.sql
script:
- /dataops
Run SQL using key-pair authentication with Passphrase:
extends:
- .agent_tag
image: $DATAOPS_SNOWFLAKE_RUNNER_IMAGE
icon: ${SNOWFLAKE_ICON}
stage: "Snowflake Actions"
variables:
DATAOPS_SNOWSQL_ACCOUNT: DATAOPS_VAULT(SNOWFLAKE.ACCOUNT)
DATAOPS_SNOWSQL_WAREHOUSE: DATAOPS_VAULT(SNOWFLAKE.WAREHOUSE)
DATAOPS_SNOWSQL_ROLE: DATAOPS_VAULT(SNOWFLAKE.ROLE)
DATAOPS_SNOWSQL_USER: DATAOPS_VAULT(SNOWFLAKE.USER)
DATAOPS_SNOWFLAKE_AUTH: KEY_PAIR
DATAOPS_SNOWFLAKE_KEY_PAIR: DATAOPS_VAULT(SNOWFLAKE.PKEY)
DATAOPS_SNOWFLAKE_PASSPHRASE: DATAOPS_VAULT(SNOWFLAKE.PASSPHRASE)
DATAOPS_RUN_SQL: $CI_PROJECT_DIR/sql/test_query.sql
script:
- /dataops