Skip to main content

Snowflake Object Lifecycle Orchestrator

TypePre-Set
Image$DATAOPS_SNOWFLAKEOBJECTLIFECYCLE_RUNNER_IMAGE

The Snowflake Object Lifecycle Engine (SOLE) is a pre-set orchestrator. And it is responsible for engaging with the Snowflake Object Lifecycle Engine (or SOLE) to process the Snowflake object configuration stored in the /dataops/snowflake project directory.

For more information, refer to the SOLE User Guide and the SOLE Reference Guide.

Usage

SOLE uses lifecycle-actions to manage its processes and operations. As described in the lifecycle actions doc, there are eight different lifecycle actions, grouped into two groups:

Let's look at the code for each group as found in the DataOps Reference Project:

Snowflake Setup with AGGREGATE

pipelines/includes/local_overrides/snowflake_lifecycle.yml
"Set Up Snowflake":
extends:
- .agent_tag
stage: Snowflake Setup
image: $DATAOPS_SNOWFLAKEOBJECTLIFECYCLE_RUNNER_IMAGE
variables:
LIFECYCLE_ACTION: AGGREGATE
ARTIFACT_DIRECTORY: $CI_PROJECT_DIR/snowflake-artifacts
CONFIGURATION_DIR: $CI_PROJECT_DIR/dataops/snowflake
resource_group: $CI_JOB_NAME
script:
- /dataops
artifacts:
when: always
paths:
- $ARTIFACT_DIRECTORY
icon: ${SNOWFLAKEOBJECTLIFECYCLE_ICON}

Cleanup with AGGREGATE-DESTROY

pipelines/includes/local_overrides/snowflake_lifecycle.yml
"Tear Down Snowflake":
extends:
- .agent_tag
stage: Clean Up
image: $DATAOPS_SNOWFLAKEOBJECTLIFECYCLE_RUNNER_IMAGE
variables:
LIFECYCLE_ACTION: AGGREGATE-DESTROY
ARTIFACT_DIRECTORY: $CI_PROJECT_DIR/snowflake-artifacts
CONFIGURATION_DIR: $CI_PROJECT_DIR/dataops/snowflake
resource_group: $CI_JOB_NAME
script:
- /dataops
artifacts:
when: always
paths:
- $ARTIFACT_DIRECTORY
icon: ${SNOWFLAKEOBJECTLIFECYCLE_ICON}
rules:
## Block this job from master (PROD) and qa (QA) branches
- if: '$CI_COMMIT_REF_NAME == $DATAOPS_BRANCH_NAME_PROD || $CI_COMMIT_REF_NAME == $DATAOPS_BRANCH_NAME_QA'
when: never
## For all other branches, enable this job to be run manually
- when: manual

Supported Parameters

ParameterRequired/DefaultDescription
CONFIGURATION_DIRREQUIRED, defaults to $CI_PROJECT_DIR/dataops/snowflakeThe project directory where the Snowflake configuration files are located.
ARTIFACT_DIRECTORYOptional, defaults to $CI_PROJECT_DIR/snowflake-providerThe path to where the artifacts such as the resource files, import files, and state files are uploaded. It is essential to specify the ARTIFACT_DIRECTORY as an artifact in the related DataOps job.
LIFECYCLE_ACTIONREQUIREDSee below for this parameter's valid values.
LIFECYCLE_MANAGE_OBJECTOptionalSee below for this parameter's valid values. If no value is specified, all object groups are managed.
DATAOPS_SOLE_ACCOUNTREQUIRED, from connection parametersThe Snowflake account. If the account is a region-based account or the organization name is not used, the region must be added to this variable.
DATAOPS_SOLE_USERNAMEREQUIRED, for password-based authentication, from connection parametersThe Snowflake account username
DATAOPS_SOLE_PASSWORDREQUIRED, for password-based authentication, from connection parametersThe Snowflake account password
DATAOPS_SOLE_ROLEREQUIRED , from connection parametersThe Snowflake role that can run queries.
DATAOPS_SOLE_WAREHOUSEOptional , from connection parametersThe Snowflake warehouse used for SOLE Grant Management.
DATAOPS_PREFIXREQUIRED, from project settingsThis prefix is added to all account-level objects and databases (except the default database).
DATAOPS_DATABASEREQUIRED, from project settingsThe default database name - required if the default database is specified in the configuration as {{env.DATAOPS_DATABASE}}.
DATAOPS_DATABASE_MASTEROptional, from project settingsThe PROD or main/master database - required if the production database is referenced in the configuration by the variable {{env.DATAOPS_DATABASE_MASTER}}.
DATAOPS_ENV_NAMEREQUIRED, from project settingsThis suffix is added to all account-level objects and databases (except the default database).
DATAOPS_ENV_NAME_PRODOptional, defaults to masterSpecifies the branch used as the production environment
DATAOPS_NONDB_ENV_NAMEOptionalThe suffix override value - if specified, it overrides all branch-specific suffixes with its value.
LIFECYCLE_RESOURCE_FILEOptional, defaults to resources.tf.jsonThe file name containing the resource definitions.
LIFECYCLE_IMPORT_FILEOptional, defaults to resource_imports.jsonThe file name containing the resource import statements.
LIFECYCLE_STATE_RESETOptionalIf set, the local state is reset and all defined and managed objects are re-initialized.
PROVIDER_DIROptional, defaults to /snowflake-providerThe provider configuration directory path - it must contain a file named provider.tf with a list of Snowflake providers.
DISABLE_PERSISTENT_CACHEOptionalIf set, it disables persistent cache usage by the orchestrator. The user must handle the generated file transfers between jobs.
DONT_USE_SOLE_GRANT_MANAGEMENTOptionalIf set, it disables SOLE Grant Management for managing the privilege/role grants and revokes and uses the Terraform Provider.
DATAOPS_SOLE_OVERRIDEOptionalIf set, it overrides the object's delete/update prevention feature.
DATAOPS_SOLE_DEBUGOptionalIf set, it enables the debug logs for SOLE without exposing any credentials when writing to these logs.
SOLE_LOG_CLEANUPOptionalIf set, it removes all the log files from the host system's cache.
SOLE_CACHE_CLEANUPOptionalIf set, it removes the host system's cache.
DATAOPS_PRESERVE_OBJECT_NAMEOptionalIf set, it enables special character support.
SET_TERRAFORM_KEYS_TO_ENVOptionalIf set, it exports SOLE credentials from the DataOps Vault to the pipeline environment.

CONFIGURATION_DIR

The CONFIGURATION_DIR parameter specifies your project directory where the Snowflake configuration files are located. Refer to the SOLE Managed Object Reference for supported configurations.

LIFECYCLE_ACTION

The valid values for this variable are as follows:

  • AGGREGATE - execute compile, validate, plan, and apply
  • COMPILE - only compile the Snowflake configuration found in the CONFIGURATION_DIR
  • VALIDATE - only validate the compiled resources
  • PLAN - only plan the validated configuration
  • APPLY - only apply the planned configuration
  • AGGREGATE-DESTROY - execute compile, validate, plan-destroy, and destroy
  • PLAN-DESTROY - only plan how to tear down the Snowflake configuration
  • DESTROY - only execute the teardown plan

LIFECYCLE_MANAGE_OBJECT

The valid values for this variable are as follows:

If no value is specified for this parameter, all object groups are managed in sequence.

DATAOPS_SOLE_DEBUG

Setting DATAOPS_SOLE_DEBUG to a value enables SOLE'S debug mode. This generates more log-output related to SOLE'S internal processes and is useful for debugging if a job fails or behaves unexpectedly. No credentials are logged when using DATAOPS_SOLE_DEBUG. The SOLE credentials are masked by a fixed 16-length character X.

Key Pair Authentication

SOLE Orchestrator supports using key pair authentication. To know more on how to configure it, see Key Pair Authentication.

Example Jobs

As described in the Usage section above, the SOLE Orchestrator facilitates the implementation of the two aggregate lifecycle_actions, AGGREGATE and AGGREGATE-DESTROY. At the risk of duplicating content, providing context to the following example jobs is a good idea. Therefore, let's assume you need to create a new feature branch to develop a new report. Once the code has been written, it must be tested. To test this report, you need to run a DataOps pipeline, including the setup and tear-down Snowflake jobs.

Set Up Snowflake

The default from the DataOps Reference Project for setting up Snowflake uses the AGGREGATE lifecycle action.

pipelines/includes/local_overrides/snowflake_lifecycle.yml
"Set Up Snowflake":
extends:
- .agent_tag
stage: "Snowflake Setup"
image: $DATAOPS_SNOWFLAKEOBJECTLIFECYCLE_RUNNER_IMAGE
variables:
LIFECYCLE_ACTION: AGGREGATE
ARTIFACT_DIRECTORY: $CI_PROJECT_DIR/snowflake-artifacts
CONFIGURATION_DIR: $CI_PROJECT_DIR/dataops/snowflake
resource_group: $CI_JOB_NAME
script:
- /dataops
artifacts:
when: always
paths:
- $ARTIFACT_DIRECTORY
icon: ${SNOWFLAKEOBJECTLIFECYCLE_ICON}

Tear Down Snowflake

The default from the DataOps Reference Project for tearing down Snowflake for a feature branch uses the AGGREGATE-DESTROY lifecycle action.

pipelines/includes/local_overrides/snowflake_lifecycle.yml
"Tear Down Snowflake":
extends:
- .agent_tag
stage: Clean Up
image: $DATAOPS_SNOWFLAKEOBJECTLIFECYCLE_RUNNER_IMAGE
variables:
LIFECYCLE_ACTION: AGGREGATE-DESTROY
ARTIFACT_DIRECTORY: $CI_PROJECT_DIR/snowflake-artifacts
CONFIGURATION_DIR: $CI_PROJECT_DIR/dataops/snowflake
resource_group: $CI_JOB_NAME
script:
- /dataops
artifacts:
when: always
paths:
- $ARTIFACT_DIRECTORY
icon: ${SNOWFLAKEOBJECTLIFECYCLE_ICON}
rules:
## Block this job from master (PROD) and qa (QA) branches
- if: '$CI_COMMIT_REF_NAME == $DATAOPS_BRANCH_NAME_PROD || $CI_COMMIT_REF_NAME == $DATAOPS_BRANCH_NAME_QA'
when: never
## For all other branches, enable this job to be run manually
- when: manual

Individual Jobs

For further examples on how to use the lifecycle actions and the object hierarchies with the SOLE orchestrator refer to the lifecycle action jobs user guide.

Project Resources

None

Host Dependencies (and Resources)

None