为应用程序添加服务

The topic describes how to configure and use services in a Snowflake Native App with Snowpark Container Services. For information on using a job service in an app, see Add job services to an app.

在使用者账户中创建服务所需的权限

要让应用程序在使用者账户中创建服务,使用者必须首先授予以下权限:

  • CREATE COMPUTE POOL

所有服务都需要此权限。在使用者账户中创建服务需要一个或多个计算池。

  • BIND SERVICE ENDPOINT

任何公开端点的服务都需要此权限。如果服务需要与 Snowflake 以外的 URLs 建立连接,则应用程序需要此权限才能创建所需的外部访问集成。

在应用程序中创建服务时的注意事项

The following considerations apply when creating a service within a Snowflake Native App with Snowpark Container Services:

  • References to warehouses. See 在应用程序中使用服务时的最佳实践 for information on using in a Snowflake Native App with Snowpark Container Services.
  • 不支持应用程序中的服务名称包含引号。
  • 不能在版本化架构中创建服务。
  • Services may not be created outside of the application using a container image created within the app.

在应用程序中使用服务时的最佳实践

The following are best practices and considerations when using services within a Snowflake Native App with Snowpark Container Services:

  • Create a Streamlit app or stored procedures that allows consumers to interact with a service.

在某些情况下,用户可能需要创建、启动、停止、重启和管理应用程序提供的服务。

  • Use a single stored procedure to verify that the consumer has granted all the required privileges.

一项服务可能要求使用者向应用程序授予多种权限。例如,一项服务可能需要 CREATE COMPUTE POOL、CREATE WAREHOUSE、BIND SERVICE ENDPOINT 和其他权限。应用程序还可能需要引用使用者账户中的现有对象。

在这种情况下,Snowflake 建议使用单个存储过程来验证是否满足所有先决条件。验证所有先决条件后,该存储过程将创建服务。

  • If a service requires a warehouse to execute queries, the app should create the warehouse directly in the consumer account. This requires that the consumer grant the CREATE WAREHOUSE global privilege to the app. See Request global privileges from consumers for more information.
  • When creating a service using a specification template, store the arguments provided by the consumer inside your application instance. This allows them to be passed as arguments when upgrading a service.

在应用程序中创建服务

To create a service in an app, use the CREATE SERVICE command in the setup script. Providers should always consider calling this command from within a stored procedure instead of running it directly.

Within an app with containers, services can be created using specification file or by using a specification template.

使用规范文件创建服务

To create a service a service from a specification file, use the CREATE SERVICE command and include a reference to the service specification file:

CREATE SERVICE IF NOT EXISTS app_service
  IN COMPUTE POOL app_compute_pool
  FROM SPECIFICATION_FILE = '/containers/service1_spec.yaml';

此示例演示了如何使用 FROM SPECIFICATION_FILE 子句创建服务,该子句使用文件的相对路径。FROM SPECIFICATION_FILE 子句指向特定于应用程序版本的服务规范文件。该路径相对于应用程序根目录。

However, you can also use a specification file on a stage. See CREATE SERVICE for more information.

使用规范模板创建服务

To create a service using a specification template, use the FROM SPECIFICATION_TEMPLATE_FILE clause of the CREATE SERVICE command as shown in the following example:

CREATE SERVICE IF NOT EXISTS app_service
  IN COMPUTE POOL app_compute_pool
  FROM SPECIFICATION_TEMPLATE_FILE = '/containers/service1_spec.yaml';

See specification template for more information.

将 CREATE SERVICE 命令添加到存储过程

A Snowflake Native Apps with Snowpark Container Services supports multiple ways of creating a service within a stored procedure.

提供商可以使用这些方法的任意组合在使用者账户中创建服务。

Create a service by using the grant_callback property

grant_callback is a property in the manifest file that allows providers to specify a callback function. The callback function is a stored procedure that can create compute pools, services and perform other setup tasks required by the application.

Note

Using the grant_callback property to specify the callback function is only supported by Snowflake Native Apps with Snowpark Container Services.

The advantage of specifying a callback function with grant_callback is that the stored procedure is not called until the consumer grants the required privileges to the app. This ensures that the app has the privileges required to create services and other objects in the consumer account.

To use grant_callback, add it to the configuration section of the manifest file:

configuration:
  log_level: INFO
  trace_level: ALWAYS
  metric_level: ALL
  log_event_level: INFO
  grant_callback: core.grant_callback

然后,在安装脚本中定义一个回调函数,如下例所示:

 CREATE SCHEMA core;
 CREATE APPLICATION ROLE app_public;

 CREATE OR REPLACE PROCEDURE core.grant_callback(privileges array)
 RETURNS STRING
 AS $$
 BEGIN
   IF (ARRAY_CONTAINS('CREATE COMPUTE POOL'::VARIANT, privileges)) THEN
      CREATE COMPUTE POOL IF NOT EXISTS app_compute_pool
          MIN_NODES = 1
          MAX_NODES = 3
          INSTANCE_FAMILY = GPU_NV_M;
   END IF;
   IF (ARRAY_CONTAINS('BIND SERVICE ENDPOINT'::VARIANT, privileges)) THEN
      CREATE SERVICE IF NOT EXISTS core.app_service
       IN COMPUTE POOL my_compute_pool
       FROM SPECIFICATION_FILE = '/containers/service1_spec.yaml';
   END IF;
   RETURN 'DONE';
 END;
 $$;

GRANT USAGE ON PROCEDURE core.grant_callback(array) TO APPLICATION ROLE app_public;

This example creates a grant_callback procedure that does the following:

  • Tests whether the consumer has granted the CREATE COMPUTE POOL privilege to the app. If the consumer has granted this privilege, the grant_callback procedure creates the compute pool.
  • Tests whether the consumer has granted the BIND SERVICE ENDPOINT privilege to the app. If the consumer has granted this privilege, the grant_callback procedure creates the service.

此示例展示了在使用容器的应用程序中创建服务和计算池的模式。在此示例中,应用程序首先测试使用者是否授予了所需权限,然后创建服务或计算池。

根据参考定义创建服务

An app can create services using a reference definition by using the register_callback property in the manifest file. This property specifies a stored procedure used to bind an object in the consumer account to the reference definition.

For more information on using references in an app, see Request references and object-level privileges from consumers

An app can use the register_callback of the reference to create a service after all the required references are bound. If a service is created before all the references to an external access integrations or secret is allowed, the service creation fails.

使用存储过程创建服务

An app can create a service directly within a stored procedure. As with other stored procedures, providers can define them in the application setup script. This stored procedure would use the CREATE SERVICE command to create the service, then grant the necessary privileges on the stored procedure to an application role.

使用者为应用程序授予所需权限和引用后,将调用此存储过程在其账户中创建服务。

确定服务的状态

To determine the status of a service, an app can call the SYSTEM$GET_SERVICE_STATUS — Deprecated system function from the setup script.

此系统函数为每个服务实例中的每个容器返回一个 JSON 对象。