- 类别:
系统函数 (系统信息)
SYSTEM$ALLOWLIST_PRIVATELINK¶
Returns host names and port numbers for AWS PrivateLink (https://aws.amazon.com/privatelink/), Azure Private Link (https://azure.microsoft.com/en-us/services/private-link/), and Google Cloud Private Service Connect (https://cloud.google.com/vpc/docs/configure-private-service-connect-services) deployments to add to your firewall's allowed list so that you can access Snowflake from behind your firewall. These features provide private connectivity to the Snowflake service on each supported cloud platform.
然后,此函数的输出可以传递到 SnowCD,以诊断 Snowflake 的网络连接并排除故障。
Typically, Snowflake customers use a firewall to prevent unauthorized access. By default, your firewall might block access to Snowflake. To update your firewall's allowed list, you need to know the host names and port numbers for the URL associated with your Snowflake account identifier, stages, and other hosts used by Snowflake.
有关所用 Snowflake 客户端的允许名单的更多详细信息,请参阅 Allowing Host names。
语法¶
SYSTEM$ALLOWLIST_PRIVATELINK()
实参¶
无。
返回¶
返回值的数据类型是 VARIANT。该值是一个 JSON 结构的数组。每个 JSON 结构包含三个键/值对:
typeSnowflake 支持以下类型:
SNOWFLAKE_DEPLOYMENTHost name and port number information for your Snowflake account.
SNOWFLAKE_DEPLOYMENT_REGIONLESSHost name and port number information for your organization.
有关更多信息,请参阅 账户标识符。
STAGELocation (such as Amazon S3, Google Cloud Storage, or Microsoft Azure) where files that the Snowflake client can read or write are stored.
SNOWSQL_REPOEndpoint accessed by SnowSQL to perform automatic downloads or upgrades.
OUT_OF_BAND_TELEMETRY接收驱动程序报告的指标和带外事件(例如 OCSP 问题)的主机。
CLIENT_FAILOVERHost name and port number for the connection URL for Client Redirect. Note that each row in the query output that specifies this value refers to either the primary connection or the secondary connection depending on how the connection URLs were configured.
CRL_DISTRIBUTION_POINTHost name and port number for certificate revocation list (CRL) distribution endpoints.
OCSP_CACHESnowflake 为防无法联系到主要 OCSP 响应器而提供的 OCSP 证书信息替代来源。大多数最新版本的 Snowflake 客户端都访问 OCSP 缓存而不是直接连接到 OCSP 响应器。
OCSP_CACHE_REGIONLESSSnowflake 为 组织 提供的 OCSP 证书信息替代来源。大多数最新版本的 Snowflake 客户端都访问 OCSP 缓存而不是直接连接到 OCSP 响应器。
OCSP_CLIENT_FAILOVERSnowflake 为 Client Redirect 提供的 OCSP 证书信息替代来源。
DUO_SECURITYThe host name for the Duo Security service that is used with MFA(多重身份验证) while authenticating to Snowflake.
OCSP_RESPONDERHost name to contact to verify that the OCSP TLS certificate has not been revoked.
请注意,配置与 Snowflake 服务的专用连接时,不需要此值;请按照相应主题中的说明选择要添加到允许名单的 OCSP 值。
SNOWSIGHT_DEPLOYMENT_REGIONLESSHost name and port number for your organization to access Snowsight.
有关更多信息,请参阅 账户标识符 和 Snowsight:Snowflake Web 界面。
SNOWSIGHT_DEPLOYMENTHost name and port number to access Snowsight for your Snowflake account.
hostSpecifies the full host name for
type, for example:"xy12345.east-us-2.azure.snowflakecomputing.cn","ocsp.snowflakecomputing.cn".portSpecifies the port number for
type, for example:443,80.
使用说明¶
输出可能包含某些类型的多个条目(STAGE 等)。
示例¶
要调用此函数,请使用以下语句:
SELECT SYSTEM$ALLOWLIST_PRIVATELINK();示例输出:
[ {"type":"SNOWFLAKE_DEPLOYMENT", "host":"xy12345.us-west-2.privatelink.snowflakecomputing.cn", "port":443}, {"type":"STAGE", "host":"sfc-ss-ds2-customer-stage.s3.us-west-2.amazonaws.com", "port":443}, ... {"type":"SNOWSQL_REPO", "host":"sfc-repo.snowflakecomputing.cn", "port":443}, ... {"type":"OUT_OF_BAND_TELEMETRY", "host":"client-telemetry.snowflakecomputing.cn", "port":443}, {"type":"CRL_DISTRIBUTION_POINT", "host":"crl.r2m01.amazontrust.com", "port":80}, ... {"type":"OCSP_CACHE", "host":"ocsp.station00752.us-west-2.privatelink.snowflakecomputing.cn", "port":80} ]在此示例输出中,请注意以下内容:
为了便于阅读,添加了空格和换行符。此外,还省略了一些条目。
The region ID (
us-west-2) in some of the host names indicates the account is in the US West region ; however, the region ID is not utilized in the host name forSNOWFLAKE_DEPLOYMENT.
要将信息提取到表格输出而不是 JSON 中,请结合使用 FLATTEN 函数与 PARSE_JSON 函数:
SELECT t.VALUE:type::VARCHAR as type, t.VALUE:host::VARCHAR as host, t.VALUE:port as port FROM TABLE(FLATTEN(input => PARSE_JSON(SYSTEM$ALLOWLIST_PRIVATELINK()))) AS t;示例输出:
+------------------------+---------------------------------------------------+------+ | TYPE | HOST | PORT | +------------------------+---------------------------------------------------+------+ | SNOWFLAKE_DEPLOYMENT | xy12345.snowflakecomputing.cn | 443 | | STAGE | sfc-customer-stage.s3.us-west-2.amazonaws.com | 443 | ... | SNOWSQL_REPO | sfc-repo.snowflakecomputing.cn | 443 | ... | CRL_DISTRIBUTION_POINT | crl.r2m01.amazontrust.com | 80 | ... | OCSP_CACHE | ocsp.snowflakecomputing.cn | 80 | ... +------------------------+---------------------------------------------------+------+