Skip to main content
Skip table of contents

Snowflake DMF (via Collector method) - v3.0.0

About Collectors

Collector Method

Collectors are extractors that are developed and managed by you (A customer of K).

KADA provides python libraries that customers can use to quickly deploy a Collector.

Why you should use a Collector

There are several reasons why you may use a collector vs the direct connect extractor:

  1. You are using the KADA SaaS offering and it cannot connect to your sources due to firewall restrictions

  2. You want to push metadata to KADA rather than allow it pull data for Security reasons

  3. You want to inspect the metadata before pushing it to K

Using a collector requires you to manage

  1. Deploying and orchestrating the extract code

  2. Managing a high water mark so the extract only pull the latest metadata

  3. Storing and pushing the extracts to your K instance.


Pre-requisites

Collector Server Minimum Requirements

For the collector to operate effectively, it will need to be deployed on a server with the below minimum specifications:

  • CPU: 2 vCPU

  • Memory: 8GB

  • Storage: 30GB (depends on historical data extracted)

  • OS: unix distro e.g. RHEL preferred but can also work with Windows Server.

  • Python 3.10.x or later

  • Access to K landing directory

Snowflake Requirements

  • Access to Snowflake (see section below). The instructions for access assume you have already added the Snowflake source in K.


Step 1: Snowflake Access

Option 1: Extending the K user with access to Snowflake DMF

Assuming you followed the Snowflake integration instructions and created a role called CATALOG_READ_ONLY you can follow the steps to add grants to extend the user to be able to read Snowflake DMF details

CODE
--Log in with a user that has the permissions to assign/update roles

--Add the following DQ related roles to the KADA role created previously
GRANT APPLICATION ROLE SNOWFLAKE.DATA_QUALITY_MONITORING_VIEWER TO ROLE CATALOG_READ_ONLY;
GRANT DATABASE ROLE SNOWFLAKE.DATA_METRIC_USER TO ROLE CATALOG_READ_ONLY
GRANT DATABASE ROLE SNOWFLAKE.OBJECT_VIEWER TO ROLE CATALOG_READ_ONLY

Option 2: Creating a user with access to Snowflake DMF

To create a user with general access to metadata available in Snowflake Account Usage schema

CODE
--Log in with a user that has the permissions to create a role/user

--Create a new role for the Catalog user
Create role CATALOG_READ_ONLY;

--Grant the role access to the Account usage schema
grant imported privileges on database Snowflake to CATALOG_READ_ONLY;
grant select on all tables in schema SNOWFLAKE.ACCOUNT_USAGE to CATALOG_READ_ONLY;
grant monitor on account to role CATALOG_READ_ONLY;
GRANT APPLICATION ROLE SNOWFLAKE.DATA_QUALITY_MONITORING_VIEWER TO ROLE CATALOG_READ_ONLY;
GRANT DATABASE ROLE SNOWFLAKE.DATA_METRIC_USER TO ROLE CATALOG_READ_ONLY
GRANT DATABASE ROLE SNOWFLAKE.OBJECT_VIEWER TO ROLE CATALOG_READ_ONLY

--Create a new user for K and grant it the role (remove the [])
create user [kada_user] password=['abc123!@#'] default_role = CATALOG_READ_ONLY default_warehouse = [warehouse];

From the above record down the following to be used for the setup

  1. User name / Password

  2. Role

  3. Warehouse

  4. (If creating a new database for metadata) Database name

  5. Snowflake account (found in the URL of your Snowflake instance - between https:// and .snowflakecomputing.com/…)

If you want the connect to Snowflake via Key Pair Authentication, follow these steps https://docs.snowflake.com/en/user-guide/key-pair-auth#step-1-generate-the-private-key and attach the key to the user you created.


Step 2: Create the Source in K

Create a Snowflake source in K

  • Go to Settings, Select Sources and click Add Source

  • Select Snowflake DMF and click next

  • Select “Load from File” option

  • Give the source a Name - e.g. Snowflake Production

  • Add the Host name for the Snowflake Server

  • Click Finish Setup


Step 3: Getting Access to the Source Landing Directory

Collector Method

When using a Collector you will push metadata to a K landing directory.

To find your landing directory you will need to

  1. Go to Platform Settings - Settings. Note down the value of this setting

    1. If using Azure: storage_azure_storage_account

    2. if using AWS:

      1. storage_root_folder - the AWS s3 bucket

      2. storage_aws_region - the region where the AWS s3 bucket is hosted

  2. Go to Sources - Edit the Source you have configured. Note down the landing directory in the About this Source section

To connect to the landing directory you will need

  • If using Azure: a SAS token to push data to the landing directory. Request this from KADA Support (support@kada.ai)

  • if using AWS:

    • an Access key and Secret. Request this from KADA Support (support@kada.ai)

    • OR provide your IAM role to KADA Support to provision access.


Step 4: Install the Collector

It is recommended to use a python environment such as pyenv or pipenv if you are not intending to install this package at the system level.

You can download the latest Core Library and Snowflake whl via Platform Settings → SourcesDownload Collectors

Run the following command to install the collector.

CODE
pip install kada_collectors_extractors_<version>-none-any.whl

You will also need to install the latest common library kada_collectors_lib for this collector to function properly.

CODE
pip install kada_collectors_lib-<version>-none-any.whl

Some python packages also have dependencies on the OS level packages, so you may be required to install additional OS packages if the below fails to install. These are some known possible packages you may require depending on your OS, this is not exhaustive and only serves as a guide.

OS

Packages

CentOS

libffi-devel
openssl-devel

Ubuntu

libssl-dev
libffi-dev

Please also see https://docs.snowflake.com/en/user-guide/python-connector-install.html


Step 5: Configure the Collector

The collector requires a set of parameters to connect to and extract metadata from Snowflake

FIELD

FIELD TYPE

DESCRIPTION

EXAMPLE

account

string

Snowflake account

“abc123.australia-east.azure”

username

string

Username to log into the snowflake account, if use_private_key is true, this must be the user associated to the private key

password

string

Password to log into the snowflake account, if use_private_key is true then this is the password/passphrase to that private key, if your private key for some reason is NOT encrypted, then you can leave this blank.

information_database

string

Database where all the required tables are located, generally this is snowflake or use the database created in Step 1

“snowflake”

role

string

The role to access the required account_usage tables, generally this is accountadmin

“accountadmin”

warehouse

string

The warehouse to execute the queries against

“xs_analytics”

login_timeout

integer

The max amount of time in seconds allowed for the extractor to establish and authenticate a connection, generally 5 is sufficient but if you have a slow network you can increase this up to 20

5

output_path

string

Absolute path to the output location where files are to be written

“/tmp/output”

mask

boolean

To enable masking or not

true

compress

boolean

To gzip the output or not

true

use_private_key

boolean

To use private key or not

true

private_key

string

The private key value as text. The key requires formatting

  1. Convert your key file to UNIX end of line character.

  2. Convert unix end of line characters to literal \n

  3. Include the header and footer BEGIN and END

CODE
-----BEGIN ENCRYPTED PRIVATE KEY-----\nblah\nblah\nblah\n-----END ENCRYPTED PRIVATE KEY-----

snowflake_host

string

The host value for snowflake source that was onboarded in K, this is different to the snowflake dq source. This is so that the items extracted can link back up to the snowflake database items.

“abc123.australia-east.azure.snowflakecomputing.com”

These parameters can be added directly into the run or you can use pass the parameters in via a JSON file. The following is an example you can use that is included in the example run code below.

kada_snowflake_extractor_config.json

JSON
{
    "account": "",
    "username": "",
    "password": "",
    "information_database": "",
    "role": "",
    "warehouse": "",
    "login_timeout": 5,
    "output_path": "/tmp/output",
    "mask": true,
    "compress": true
    "use_private_key": false,
    "private_key": "",
    "snowflake_host": ""
}

Step 6: Run the Collector

The following code is an example of how to run the extractor. You may need to uplift this code to meet any code standards at your organisation.

This can be executed in any python environment where the whl has been installed.

This is the wrapper script: kada_snowflake_dmf_extractor.py

PY
import os
import argparse
from kada_collectors.extractors.utils import load_config, get_hwm, publish_hwm, get_generic_logger
from kada_collectors.extractors.snowflake_dmf import Extractor

get_generic_logger('root') # Set to use the root logger, you can change the context accordingly or define your own logger

_type = 'snowflake_dmf'
dirname = os.path.dirname(__file__)
filename = os.path.join(dirname, 'kada_{}_extractor_config.json'.format(_type))

parser = argparse.ArgumentParser(description='KADA Snowflake DMF Extractor.')
parser.add_argument('--config', '-c', dest='config', default=filename, help='Location of the configuration json, default is the config json in the same directory as the script.')
parser.add_argument('--name', '-n', dest='name', default=_type, help='Name of the collector instance.')
args = parser.parse_args()

start_hwm, end_hwm = get_hwm(args.name)

ext = Extractor(**load_config(args.config))
ext.test_connection()
ext.run(**{"start_hwm": start_hwm, "end_hwm": end_hwm})

publish_hwm(_type, end_hwm)

If your organisation has a proxy operating on where this script runs and you are using an private link for snowflake you may encounter an issue resulting in a 403 error when fetching result batches.

In such a scenario this is due to the private link not requiring a proxy but the s3 data fetch which snowflake uses requires a proxy, you will need to set the following.

export HTTP_PROXY=”http://username:password@proxyserver.company.com:80”
export HTTPS_PROXY=”http://username:password@proxyserver.company.com:80”

Then explicitly call out snowflake itself to not use a proxy

export NO_PROXY=”.snowflakecomputing.com”

On a windows setup you would use “set” instead of “export” in the command line.

Advance options:

If you wish to maintain your own high water mark files elsewhere you can use the above section’s script as a guide on how to call the extractor. The configuration file is simply the keyword arguments in JSON format. Refer to this document for more information Collector Integration General Notes | Storing-HWM-in-another-location

If you are handling external arguments of the runner yourself, you’ll need to consider additional items for the run method. Refer to this document for more information Collector Integration General Notes | The-run-method

CODE
from kada_collectors.extractors.snowflake import Extractor

kwargs = {my args} # However you choose to construct your args
hwm_kwrgs = {"start_hwm": "end_hwm": } # The hwm values

ext = Extractor(**kwargs)
ext.run(**hwm_kwrgs)

CODE
class Extractor(account: str = None,
    username: str = None,
    password: str = None,
    information_database: str = 'snowflake',
    role: str = 'accountadmin',
    output_path: str = './output',
    warehouse: str = None,
    login_timeout: int = 5,
    mask: bool = False,
    compress: bool = False,
    snowflake_host: str = None,
    use_private_key: bool = False,
    private_key: str = None
    ) -> None)

account: snowflake account
username: username to sign into snowflake
password: password to sign into snowflake
information_database: database with snowflake level information
role: role with access to the database with snowflake level information
output_path: full or relative path to where the outputs should go
warehouse: specify a different warehouse if required, otherwise the default will be used
login_timeout: The timeout for snowflake Auth
mask: To mask the META/DATABASE_LOG files or not
compress: To gzip output files or not
use_private_key: Using private/public RSA keys
private_key: the private key value in plain text not byte encoded
snowflake_host: The snowflake source host value onboarded in K


Step 7: Check the Collector Outputs

K Extracts

A set of files (eg metadata, databaselog, linkages, events etc) will be generated. These files will appear in the output_path directory you set in the configuration details

High Water Mark File

A high water mark file is created in the same directory as the execution called snowflake_dmf_hwm.txt and produce files according to the configuration JSON. This file is only produced if you call the publish_hwm method.


Step 8: Push the Extracts to K

Once the files have been validated, you can push the files to the K landing directory.

You can use Azure Storage Explorer if you want to initially do this manually. You can push the files using python as well (see Airflow example below)


Example: Using Airflow to orchestrate the Extract and Push to K

Collector Method

The following example is how you can orchestrate the Tableau collector using Airflow and push the files to K hosted on Azure. The code is not expected to be used as-is but as a template for your own DAG.

PY
# built-in
import os

# Installed
from airflow.operators.python_operator import PythonOperator
from airflow.models.dag import DAG
from airflow.operators.dummy import DummyOperator
from airflow.utils.dates import days_ago
from airflow.utils.task_group import TaskGroup

from plugins.utils.azure_blob_storage import AzureBlobStorage

from kada_collectors.extractors.utils import load_config, get_hwm, publish_hwm, get_generic_logger
from kada_collectors.extractors.tableau import Extractor

# To be configed by the customer.
# Note variables may change if using a different object store.
KADA_SAS_TOKEN = os.getenv("KADA_SAS_TOKEN")
KADA_CONTAINER = ""
KADA_STORAGE_ACCOUNT = ""
KADA_LANDING_PATH = "lz/tableau/landing"
KADA_EXTRACTOR_CONFIG = {
    "server_address": "http://tabserver",
    "username": "user",
    "password": "password",
    "sites": [],
    "db_host": "tabserver",
    "db_username": "repo_user",
    "db_password": "repo_password",
    "db_port": 8060,
    "db_name": "workgroup",
    "meta_only": False,
    "retries": 5,
    "dry_run": False,
    "output_path": "/set/to/output/path",
    "mask": True,
    "mapping": {}
}

# To be implemented by the customer. 
# Upload to your landing zone storage.
# Change '.csv' to '.csv.gz' if you set compress = true in the config
def upload():
  output = KADA_EXTRACTOR_CONFIG['output_path']
  for filename in os.listdir(output):
      if filename.endswith('.csv'):
        file_to_upload_path = os.path.join(output, filename)

        AzureBlobStorage.upload_file_sas_token(
            client=KADA_SAS_TOKEN,
            storage_account=KADA_STORAGE_ACCOUNT,
            container=KADA_CONTAINER, 
            blob=f'{KADA_LANDING_PATH}/{filename}', 
            local_path=file_to_upload_path
        )

with DAG(dag_id="taskgroup_example", start_date=days_ago(1)) as dag:
  
    # To be implemented by the customer.
    # Retrieve the timestamp from the prior run
    start_hwm = 'YYYY-MM-DD HH:mm:SS'
    end_hwm = 'YYYY-MM-DD HH:mm:SS' # timestamp now
    
    ext = Extractor(**KADA_EXTRACTOR_CONFIG)
    
    start = DummyOperator(task_id="start")

    with TaskGroup("taskgroup_1", tooltip="extract tableau and upload") as extract_upload:
        task_1 = PythonOperator(
            task_id="extract_tableau",
            python_callable=ext.run, 
            op_kwargs={"start_hwm": start_hwm, "end_hwm": end_hwm},
            provide_context=True,
        )
        
        task_2 = PythonOperator(
            task_id="upload_extracts",
            python_callable=upload, 
            op_kwargs={},
            provide_context=True,
        )

        # To be implemented by the customer. 
        # Timestamp needs to be saved for next run
        task_3 = DummyOperator(task_id='save_hwm') 

    end = DummyOperator(task_id='end')

    start >> extract_upload >> end

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.