ALTER APPLICATION SET SPECIFICATION¶
Creates or updates an app specification for a Snowflake Native App.
Note
This command can only be used by a Snowflake Native App.
语法
外部访问集成
安全集成 (CLIENT_
安全集成 (AUTHORIZATION_
安全集成 (JWT_
列表
应用程序间通信
Setting¶
一般参数
app_spec_nameIdentifier for the app specification.
TYPE = \{EXTERNAL_ACCESS | SECURITY_INTEGRATION | LISTING | CONNECTION | SETTING}\}指定应用程序规范的类型。支持的值包括:
Important
应用程序规范的类型一经创建便无法更改。尝试更改类型将导致错误。
LABEL = 'label'为应用程序规范指定标签。此标签是使用者可以看到的应用程序规范的名称。每个应用程序规范都必须有唯一的标签。
Note
仅更改标签不会触发新的审批请求。如需要求使用者进行审批,您还需更改应用程序规范定义(例如 HOST_PORTS、OAUTH_TOKEN_ENDPOINT 或 TARGET_ACCOUNTS)。
DESCRIPTION = 'description'指定应用程序规范的描述。Snowflake 建议提供有关应用程序规范类型以及应用程序为什么需要它的信息。
Note
仅更改描述不会触发新的审批请求。如需要求使用者进行审批,您还需更改应用程序规范定义(例如 HOST_PORTS、OAUTH_TOKEN_ENDPOINT 或 TARGET_ACCOUNTS)。
外部访问集成参数
{HOST_PORTS | PRIVATE_HOST_PORTS} = ( 'value' [ , 'value', ... ] )指定应用程序可以连接的主机端口或私有主机端口的列表。这些端口由外部访问集成使用。
安全集成参数 - CLIENT_
OAUTH_TYPE = 'CLIENT_CREDENTIALS'Specifies the type of security integration for external API Authentication. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.
OAUTH_TOKEN_ENDPOINT = 'string_literal'Specifies the token endpoint used by the client to obtain an access token by presenting its authorization grant or refresh token. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.
OAUTH_ALLOWED_SCOPES = ( 'scope' [ , 'scope' ... ] )Specifies a comma-separated list of scopes, with single quotes surrounding each scope, to use when making a request from the OAuth by a role with USAGE on the integration during the OAuth client credentials flow. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.
OAUTH_ACCESS_TOKEN_VALIDITY = integerSpecifies the default lifetime of the OAuth access token (in seconds) issued by an OAuth server. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.
安全集成参数 - AUTHORIZATION_
OAUTH_TYPE = 'AUTHORIZATION_CODE'Specifies the type of security integration for external API Authentication. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.
OAUTH_TOKEN_ENDPOINT = 'string_literal'Specifies the token endpoint used by the client to obtain an access token by presenting its authorization grant or refresh token. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.
OAUTH_AUTHORIZATION_ENDPOINT = 'string_literal'Specifies the URL for authenticating to the external service. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.
OAUTH_ACCESS_TOKEN_VALIDITY = integerSpecifies the default lifetime of the OAuth access token (in seconds) issued by an OAuth server. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.
OAUTH_REFRESH_TOKEN_VALIDITY = integerSpecifies the default lifetime of the OAuth refresh token (in seconds) issued by an OAuth server. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.
安全集成参数 - JWT_
OAUTH_TYPE = 'JWT_BEARER'Specifies the type of security integration for external API Authentication. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.
OAUTH_TOKEN_ENDPOINT = 'string_literal'Specifies the token endpoint used by the client to obtain an access token by presenting its authorization grant or refresh token. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.
OAUTH_AUTHORIZATION_ENDPOINT = 'string_literal'Specifies the URL for authenticating to the external service. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.
OAUTH_REFRESH_TOKEN_VALIDITY = integerSpecifies the default lifetime of the OAuth refresh token (in seconds) issued by an OAuth server. See CREATE SECURITY INTEGRATION (External API Authentication) for more information.
列表参数
TARGET_ACCOUNTS = 'account_list'Specifies a single-quoted string of target accounts, separated by commas, with no spaces. Each account must be specified in the format
OrgName.AccountName; for example:'ProviderOrg.ProviderAccount,PartnerOrg.PartnerAccount'. When the specification is approved, these accounts are added to the listing. When declined, all accounts are removed from the listing.LISTING = listing_name指定应用程序创建的外部列表的标识符。该列表必须已经存在,并且必须由附加了共享的应用程序创建。在应用程序规范中设置列表后,列表名称将无法更改。
AUTO_FULFILLMENT_REFRESH_SCHEDULE = 'schedule'可选。指定跨区域数据共享的刷新计划。跨区域共享数据时需要此参数。该值可以用两种格式指定:
num MINUTE: Number of minutes, with a minimum of 10 minutes and a maximum of 11,520 minutes (eight days).USING CRON expression time_zone: Cron expression with time zone for the refresh.
应用程序间通信参数
SERVER_APPLICATION = server_app要连接的服务器应用程序的名称。不支持以下操作:
- 为现有规范更新此设置。
- 针对同一服务器应用程序的多个规范。
SERVER_APPLICATION_ROLES = ( app_role1 [ , app_role2 ... ] )指定将授予此应用程序的服务器应用程序的应用程序角色列表,以逗号分隔。
Setting parameters¶
SETTING = setting_nameSpecifies the name of the account-level setting to request. The value can’t be changed after the app specification is created. Supported values are:
ENABLE_UNLOAD_TO_INTERNAL_STAGES: When approved, allows the app to copy data to internal stages contained within the application, even when thePREVENT_UNLOAD_TO_INTERNAL_STAGESaccount parameter is enabled.
VALUE = 'value'Specifies the value for the setting. For boolean settings, this parameter may be omitted (the value defaults to
'true'), or if specified, must be'true'. For non-boolean settings, this parameter is required.
使用说明
- To use this command, providers must ensure that the manifest file of the app
uses
manifest_version: 2.
示例
创建外部访问的应用程序规范:
为 OAuth 安全集成创建应用程序规范:
通过列表实现的数据共享应用规范:
Create an app specification to request a behavioral setting: