Categories:: System functions (System Information)

SYSTEM$WHITELIST — Deprecated¶

Returns hostnames and port numbers to add to your firewall’s allowed list so that you can access Snowflake from behind your firewall. The output of this function can then be passed into SnowCD.

Typically, Snowflake customers use a firewall to prevent unauthorized access. By default, your firewall might block access to Snowflake. To update your firewall’s allowed list, you need to know the hostnames and port numbers for the URL for your Snowflake account, stages, and other hosts used by Snowflake.

For more details about the allowed listing for the Snowflake clients you use, see Allowing Host names.

语法

SYSTEM$WHITELIST()

实参

无。

返回值的数据类型是 VARIANT。该值是一个 JSON 结构的数组。每个 JSON 结构包含三个键/值对：

type

Snowflake supports the following types:

SNOWFLAKE_DEPLOYMENT

Host name and port number information for your Snowflake account.

SNOWFLAKE_DEPLOYMENT_REGIONLESS

Host name and port number information for your organization.

For more information, see Account identifiers.

STAGE

Location (such as Amazon S3, Google Cloud Storage, or Microsoft Azure) where files that the Snowflake client can read or write are stored.

SNOWSQL_REPO

Endpoint accessed by SnowSQL to perform automatic downloads or upgrades.

OUT_OF_BAND_TELEMETRY

The hosts to which drivers report metrics and out-of-band incidents such as OCSP issues.

CLIENT_FAILOVER

Host name and port number for the connection URL for Client Redirect. Note that each row in the query output that specifies this value refers to either the primary connection or the secondary connection depending on how the connection URLs were configured.

CRL_DISTRIBUTION_POINT

Host name and port number for certificate revocation list (CRL) distribution endpoints.

OCSP_CACHE

Snowflake-provided alternative source of OCSP certificate information in case the primary OCSP responder cannot be reached. Most of the latest versions of the Snowflake clients access the OCSP cache rather than connecting directly to the OCSP responder.

OCSP_CACHE_REGIONLESS

Snowflake-provided alternative source of OCSP certificate information for your organization. Most of the latest versions of the Snowflake clients access the OCSP cache rather than connecting directly to the OCSP responder.

OCSP_CLIENT_FAILOVER

Snowflake-provided alternative source of OCSP certificate information for Client Redirect.

DUO_SECURITY

The host name for the Duo Security service that is used with Multi-factor authentication (MFA) while authenticating to Snowflake.

OCSP_RESPONDER

Host name to contact to verify that the OCSP TLS certificate has not been revoked.

Note that this value is not necessary when configuring private connectivity to the Snowflake service ; follow the instructions in the corresponding topic to select the OCSP value to add to your allowlist.

SNOWSIGHT_DEPLOYMENT_REGIONLESS

Host name and port number for your organization to access Snowsight.

For more information, see Account identifiers and Snowsight: The Snowflake web interface.

SNOWSIGHT_DEPLOYMENT

Host name and port number to access Snowsight for your Snowflake account.

host

Specifies the full host name for type, for example: "xy12345.east-us-2.azure.snowflakecomputing.cn", "ocsp.snowflakecomputing.cn".

port

Specifies the port number for type, for example: 443, 80.

使用说明

The output may include multiple entries for certain types (e.g. STAGE, OCSP_RESPONDER).

示例

要调用此函数，请使用以下语句：

SELECT SYSTEM$WHITELIST();
示例输出：
[
  {"type":"SNOWFLAKE_DEPLOYMENT", "host":"xy12345.snowflakecomputing.cn",                 "port":443},
  {"type":"STAGE",                "host":"sfc-customer-stage.s3.us-west-2.amazonaws.com",  "port":443},
  ...
  {"type":"SNOWSQL_REPO",         "host":"sfc-repo.snowflakecomputing.cn",                "port":443},
  ...
  {"type":"OCSP_CACHE",           "host":"ocsp.snowflakecomputing.cn",                    "port":80}
  {"type":"OCSP_RESPONDER",       "host":"o.ss2.us",                                       "port":80},
  ...
]
在此示例输出中，请注意以下内容：

为了便于阅读，添加了空格和换行符。此外，还省略了一些条目。

The region ID (us-west-2) in some of the hostnames indicates the account is in the US West region; however, the region ID is not utilized in the hostname for SNOWFLAKE_DEPLOYMENT.

To extract the information into tabular output rather than JSON, use the FLATTEN function in conjunction with the PARSE_JSON function:

SELECT t.VALUE:type::VARCHAR as type,
       t.VALUE:host::VARCHAR as host,
       t.VALUE:port as port
FROM TABLE(FLATTEN(input => PARSE_JSON(SYSTEM$WHITELIST()))) AS t;

示例输出：

+-----------------------+---------------------------------------------------+------+
| TYPE                  | HOST                                              | PORT |
|-----------------------+---------------------------------------------------+------|
| SNOWFLAKE_DEPLOYMENT  | xy12345.snowflakecomputing.cn                    | 443  |
| STAGE                 | sfc-customer-stage.s3.us-west-2.amazonaws.com     | 443  |
  ...
| SNOWSQL_REPO          | sfc-repo.snowflakecomputing.cn                   | 443  |
  ...
| OCSP_CACHE            | ocsp.snowflakecomputing.cn                       | 80   |
| OCSP_RESPONDER        | ocsp.sca1b.amazontrust.com                        | 80   |
  ...
+-----------------------+---------------------------------------------------+------+