Snowflake Native App manifest reference
This topic describes the structure and fields of a Snowflake Native App manifest file.
manifest_version field
Specifies the version of the manifest file format.
This field is required.
manifest_version: 1
This version of the manifest file supports the current and legacy functionality of Snowflake Native Apps.
Example: manifest_version: 1
manifest_version: 2
This version of the manifest file provides support for additional features, including automated granting of privileges.
Caution
Before using version 2 of the manifest file, consider the security implications described in About the manifest file.
Example: manifest_version: 2
manifest_version example
manifest_version: 2
version field
Defines a block containing fields related to the version of an app. For more information about versions and patches, see Update an app.
Note
Versions and patches defined using the CREATE APPLICATION PACKAGE or ALTER APPLICATION PACKAGE commands take precedence over those defined in the manifest file.
This field is optional.
name
Specifies the name of the version.
This field is optional.
Example: name: v1
patch
Specifies the default patch number.
This field is optional.
Example: patch: 1
label
Specifies a name for the version that is displayed to consumers.
This field is optional.
Example: label: "Initial Release"
comment
Specifies a comment for the version. This comment is visible in Snowsight or when the provider runs the SHOW VERSIONS IN APPLICATION PACKAGE command.
This field is optional.
Example: comment: "This is the initial release of the app."
version example
version:
  name: v1
  patch: 1
  label: "Initial Release"
  comment: "This is the initial release of the app."
artifacts field
Defines a block that specifies resources used by the app.
This field is required.
setup_script
Specifies the path and filename of the setup script that is run when the Snowflake Native App is installed or upgraded. If you do not specify a value, the app uses the default value, setup.sql, in the same directory as the manifest file.
Example: setup_script: scripts/setup.sh
readme
Specifies a path to a Markdown readme file that provides an overview of the app and its functionality.
In the case of a Streamlit app, if no value is specified for the default_streamlit property, the contents of this file are displayed to consumers when viewing the installed Snowflake Native App.
The location of this file is specified relative to the location of the manifest file.
This field is optional; however, Snowflake recommends that you include a readme file with your app.
Example: readme: docs/README.md
default_streamlit_app
If the Snowflake Native App includes a Streamlit app, this property specifies the schema and name of the default Streamlit app available to consumers.
This field is required if the app includes a Streamlit app.
extension_code
Enables or disables the use of extension code languages, including Java, Python, and Scala.
Example: extension_code: true
container_services
Specifies the location of the container images used by an app with containers. See Specify the container images used by an app with containers for more information.
This field is required for an app with containers.
uses_gpu
Indicates that the app with containers uses a GPU.
This field is required for an app with containers.
Example: uses_gpu: true
images
Specifies the path to each of the container images used by an app with containers.
This field is required for an app with containers.
Example:
images:
  - /spcs_app/napp/img_repo/eap_frontend
  - /spcs_app/napp/img_repo/eap_backend
  - /spcs_app/napp/img_repo/eap_router
artifacts example
artifacts:
  setup_script: scripts/setup.sql
  readme: docs/README.md
  default_streamlit_app: apps/main.py
  extension_code: true
  container_services:
    uses_gpu: true
    images:
      - /spcs_app/napp/img_repo/eap_frontend
      - /spcs_app/napp/img_repo/eap_backend
configuration field
Specifies a block containing configuration properties for an app.
This field is optional.
log_level
Specifies the logging level to use for the Snowflake Native App.
This field is optional.
For information about supported values, see Setting levels for logging, metrics, and tracing.
trace_level
Specifies the trace event level to use for the app. When a provider enables tracing, the app automatically captures the start and end times for all queries and stored procedure calls.
Caution
Publishing an app with the trace_level property set to a value other than OFF might expose calls to hidden stored procedures to any user in the consumer account who can view the event table.
This field is optional.
For the supported values of the trace_level property, see Setting levels for logging, metrics, and tracing.
metric_level
Specifies the metric level to use for the app. When a provider enables metrics, the app automatically emits auto-instrumented resource metrics data points to the event table.
See Set the log and trace levels for an app for more information.
This field is optional.
For the supported values of the metric_level property, see Setting levels for logging, metrics, and tracing.
grant_callback
Specifies the schema and name of the callback function for an app with containers. The callback function is a stored procedure that can create compute pools and services and perform other setup tasks required by the application.
This field is optional.
For more information, see Create a service by using the grant_callback property.
Example: grant_callback: my_schema.my_grant_callback
configuration example
configuration:
  log_level: INFO
  trace_level: OFF
  metric_level: BASIC
  grant_callback: my_schema.my_grant_callback
privileges field
Defines a block containing the privileges that the app requests in a consumer account.
This field is optional.
<privilege_name>
Specifies the name of a privilege that the app requests in a consumer account.
This field is required if the privileges property is specified.
description
Provides a description of the privilege being requested. The text specified in description is displayed to the consumer when the privilege is displayed in Snowsight using the Python Permission SDK, or when the SHOW PRIVILEGES command is run.
As a provider, you should include as much information as possible about why the Snowflake Native App needs this privilege and if the privilege is required or optional.
This field is required if the privileges field is specified.
privileges example
privileges:
  - CREATE TABLE:
      description: 'Required to create tables in the consumer account.'
  - CREATE COMPUTE POOL:
      description: 'Required to allow the app to create a compute pool in the consumer account.'
  - BIND SERVICE ENDPOINT:
      description: 'Required to allow endpoints to be externally accessible.'
references field
Defines a block containing the references that the app is requesting in a consumer account. The consumer must bind these references to objects within their account.
This field is required if the app requests references in the consumer account.
- <reference_name>
Specifies the name of a reference that the app is requesting in a consumer account.
This field is required if the references property is specified.
label
Specifies a label for the reference that is displayed to consumers.
This field is required if the references property is specified.
Example: label: "Orders table"
description
Provides a description of the reference being requested. The text specified in description is displayed to the consumer when the reference is displayed in Snowsight using the Python Permission SDK, or when the SHOW REFERENCES command is run.
This field is required if the references property is specified.
privileges
Specifies a list of privileges that the app requires on the object to which the reference is bound in the consumer account.
This field is required if the references property is specified.
Example:
privileges:
  - SELECT
  - INSERT
object_type
Specifies the type of object associated with the reference, such as a schema and table, or an API integration.
This field is required if the references field is specified.
Example: object_type: TABLE
For more information, see Object types and privileges that a reference can contain.
multi_valued
Allows more than one object to be associated with the reference. Use this property to bind multiple consumer objects to the same reference. When this property is specified, the same operations are performed on objects with a single value reference. The property can also be used with objects with multi-valued references.
This field is optional. The default value is false.
For more information, see Request references and object-level privileges from consumers.
Example: multi_valued: true
register_callback
Specifies the schema and name of the callback function that is run when the consumer binds the reference to an object in their account.
This field is required if the references property is specified.
Example: register_callback: my_schema.my_register_callback
configuration_callback
Specifies the name of the callback function that provides the desired configuration for the object to bind to this reference.
This property is required if object_type is EXTERNAL ACCESS INTEGRATION or SECRET. This property is not applicable to other types of objects.
required_at_setup
Indicates that references must be bound when the app is installed.
Example: required_at_setup: true
references example
references:
  - ORDERS_TABLE:
      label: "Orders table"
      description: "Orders table in TPC-H samples"
      privileges:
        - SELECT
      object_type: VIEW
      multi_valued: false
      register_callback: v1.register_single_callback
  - EXTERNAL_ENDPOINT_EAI:
      label: "Allows egress to an external API"
      description: "EAI for Egress from NA+SPCS"
      privileges: [USAGE]
      object_type: EXTERNAL_ACCESS_INTEGRATION
      register_callback: v1.register_single_callback
      configuration_callback: v1.get_configuration
      required_at_setup: true
restricted_callers_rights field
Specifies configuration properties related to restricted caller’s rights.
This field is required if the app creates stored procedures or Snowpark Container Services services that run with restricted caller’s rights.
For more information, see Use owner’s rights and restricted caller’s rights in an app.
enabled
Specifies whether the app is allowed to create executables with restricted caller’s rights.
Providers must set this property to true if the app creates stored procedures or Snowpark Container Services services that run with restricted caller’s rights.
description
Provides a description of why the app needs to create executables with restricted caller’s rights.
restricted_callers_rights example
restricted_callers_rights:
  enabled: true
  description: "Required to create stored procedures that run with restricted caller's rights."
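A pre-publication review of a manifest can apply the requirements and cautions above mechanically: the manifest_version 2 caution, the trace_level caution, and the required fields under privileges and references. The following is an added example, not Snowflake code; it assumes the manifest has already been loaded into a Python dict by a YAML parser, and review_manifest, SAMPLE and the severity labels are names made up for the example.

```python
# Added example: checks a parsed manifest (a YAML loader's dict) against this page.
REF_REQUIRED = ("label", "description", "privileges", "object_type", "register_callback")
NEEDS_CONFIG_CALLBACK = {"EXTERNAL ACCESS INTEGRATION", "SECRET"}


def review_manifest(m):
    """Return (severity, message) findings; an empty list means none."""
    out = []
    if "manifest_version" not in m:
        out.append(("error", "manifest_version is required"))
    elif m["manifest_version"] == 2:
        out.append(("review", "version 2 allows automated granting of privileges"))
    if "artifacts" not in m:
        out.append(("error", "artifacts is required"))
    # An absent trace_level produces no finding here.
    trace = (m.get("configuration") or {}).get("trace_level", "OFF")
    # YAML 1.1 loaders such as PyYAML read an unquoted OFF as boolean False.
    if trace is not False and str(trace).upper() != "OFF":
        out.append(("warn", f"trace_level {trace} can expose calls to hidden "
                            "stored procedures in the consumer event table"))
    for entry in m.get("privileges") or []:
        # Expected item shape: {NAME: {"description": ...}}; a bare name has no body.
        name, body = next(iter(entry.items())) if isinstance(entry, dict) else (entry, None)
        if not (body or {}).get("description"):
            out.append(("error", f"privilege {name}: description is required"))
    for entry in m.get("references") or []:
        name, body = next(iter(entry.items()))
        body = body or {}
        out += [("error", f"reference {name}: {field} is required")
                for field in REF_REQUIRED if field not in body]
        # The page spells this type with spaces and, in its example, underscores.
        otype = str(body.get("object_type", "")).replace("_", " ").upper()
        if otype in NEEDS_CONFIG_CALLBACK and "configuration_callback" not in body:
            out.append(("error", f"reference {name}: configuration_callback "
                                 f"is required for {otype}"))
    return out


SAMPLE = {  # constructed manifest content, not from a real app
    "manifest_version": 2, "artifacts": {"setup_script": "scripts/setup.sql"},
    "configuration": {"log_level": "INFO", "trace_level": "ALWAYS"},
    "privileges": [{"CREATE TABLE": {"description": "Creates result tables."}},
                   {"CREATE COMPUTE POOL": None}],
    "references": [{"EGRESS_EAI": {
        "label": "Egress", "description": "EAI for an external API",
        "privileges": ["USAGE"], "object_type": "EXTERNAL_ACCESS_INTEGRATION",
        "register_callback": "v1.register_single_callback"}}],
}

if __name__ == "__main__":
    print(*review_manifest(SAMPLE), sep="\n")
```

The constructed sample yields four findings: the version 2 review item, the trace_level warning, a privilege without a description, and an external access integration reference without configuration_callback.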