|
125 | 125 | "**Context**: You are an expert at writing Snowflake SQL queries. A user is going to ask you a question. \n", |
126 | 126 | "\n", |
127 | 127 | "**Instructions**:\n", |
128 | | - "1. No matter the user's question, start by running `runQuery` operation using this query: \"SELECT column_name, table_name, data_type, comment FROM `{database}.INFORMATION_SCHEMA.COLUMNS`\" \n", |
| 128 | + "1. No matter the user's question, start by running `runQuery` operation using this query: \"SELECT column_name, table_name, data_type, comment FROM {database}.INFORMATION_SCHEMA.COLUMNS\" \n", |
129 | 129 | "-- Assume warehouse = \"<insert your default warehouse here>\", database = \"<insert your default database here>\", unless the user provides different values \n", |
130 | 130 | "2. Convert the user's question into a SQL statement that leverages the step above and run the `runQuery` operation on that SQL statement to confirm the query works. Add a limit of 100 rows\n", |
131 | 131 | "3. Now remove the limit of 100 rows and return back the query for the user to see\n", |
132 | | - "4. Use the <your role> role when querying Snowflake\n", |
| 132 | + "4. Use the <your_role> role when querying Snowflake\n", |
133 | 133 | "5. Run each step in sequence. Explain what you are doing in a few sentences, run the action, and then explain what you learned. This will help the user understand the reason behind your workflow. \n", |
134 | 134 | "\n", |
135 | 135 | "**Additional Notes**: If the user says \"Let's get started\", explain that the user can provide a project or dataset, along with a question they want answered. If the user has no ideas, suggest that we have a sample flights dataset they can query - ask if they want you to query that" |
|
258 | 258 | }, |
259 | 259 | "outputs": [], |
260 | 260 | "source": [ |
261 | | - "## Example with ChatGPT IPs as of September 19, 2024\n", |
| 261 | + "## Example with ChatGPT IPs as of October 23, 2024\n", |
262 | 262 | "## Make sure to get the current IP ranges from https://platform.openai.com/docs/actions/production\n", |
263 | 263 | "CREATE NETWORK RULE chatgpt_network_rule\n", |
264 | 264 | " MODE = INGRESS\n", |
265 | 265 | " TYPE = IPV4\n", |
266 | 266 | " VALUE_LIST = ('23.102.140.112/28',\n", |
267 | 267 | " '13.66.11.96/28',\n", |
268 | 268 | " '104.210.133.240/28',\n", |
| 269 | + " '70.37.60.192/28',\n", |
269 | 270 | " '20.97.188.144/28',\n", |
270 | 271 | " '20.161.76.48/28',\n", |
271 | 272 | " '52.234.32.208/28',\n", |
272 | 273 | " '52.156.132.32/28',\n", |
273 | 274 | " '40.84.220.192/28',\n", |
274 | 275 | " '23.98.178.64/28',\n", |
| 276 | + " '51.8.155.32/28',\n", |
| 277 | + " '20.246.77.240/28',\n", |
| 278 | + " '172.178.141.0/28',\n", |
| 279 | + " '172.178.141.192/28',\n", |
275 | 280 | " '40.84.180.128/28');\n", |
276 | 281 | "\n", |
277 | 282 | "CREATE NETWORK POLICY chatgpt_network_policy\n", |
|
304 | 309 | " OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'\n", |
305 | 310 | " OAUTH_REDIRECT_URI = 'https://oauth.pstmn.io/v1/callback' --- // this is a temporary value while testing your integration. You will replace this with the value your GPT provides\n", |
306 | 311 | " OAUTH_ISSUE_REFRESH_TOKENS = TRUE\n", |
307 | | - " OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;\n", |
308 | | - " NETWORK_POLICY = chatgpt_network_policy --- // this line should only be included if you followed step 1 above" |
| 312 | + " OAUTH_REFRESH_TOKEN_VALIDITY = 7776000\n", |
| 313 | + " NETWORK_POLICY = chatgpt_network_policy; --- // this line should only be included if you followed step 1 above" |
309 | 314 | ] |
310 | 315 | }, |
311 | 316 | { |
|
350 | 355 | "metadata": {}, |
351 | 356 | "source": [ |
352 | 357 | "\n", |
353 | | - "* Retrieve your OAuth Client Secret" |
| 358 | + "* Retrieve your OAuth Client Secret using SHOW_OAUTH_CLIENT_SECRETS" |
354 | 359 | ] |
355 | 360 | }, |
356 | 361 | { |
|
363 | 368 | }, |
364 | 369 | "outputs": [], |
365 | 370 | "source": [ |
366 | | - "select SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('CHATGPT_INTEGRATION');" |
| 371 | + "SELECT \n", |
| 372 | + "trim(parse_json(SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('CHATGPT_INTEGRATION')):OAUTH_CLIENT_ID) AS OAUTH_CLIENT_ID\n", |
| 373 | + ", trim(parse_json(SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('CHATGPT_INTEGRATION')):OAUTH_CLIENT_SECRET) AS OAUTH_CLIENT_SECRET;" |
367 | 374 | ] |
368 | 375 | }, |
369 | 376 | { |
370 | 377 | "cell_type": "markdown", |
371 | 378 | "metadata": {}, |
372 | 379 | "source": [ |
373 | | - "\n", |
374 | | - "You’ll find the Client Secret in OAUTH_CLIENT_SECRET. Do not include the double quotes when copying the value.\n", |
375 | | - "\n", |
376 | 380 | "Now is a good time to [test your Snowflake integration in Postman](https://community.snowflake.com/s/article/How-to-configure-postman-for-testing-SQL-API-with-OAuth). If you configured a network policy for your security integration, ensure that it includes the IP of the machine you're using to test." |
377 | 381 | ] |
378 | 382 | }, |
|
393 | 397 | "| -------- | -------- |\n", |
394 | 398 | "| Authentication Type | OAuth |\n", |
395 | 399 | "| Client ID | OAUTH_CLIENT_ID from SHOW_OAUTH_CLIENT_SECRETS |\n", |
| 400 | + "| Client Secret | OAUTH_CLIENT_SECRET from SHOW_OAUTH_CLIENT_SECRETS |\n", |
396 | 401 | "| Authorization URL | OAUTH_AUTHORIZATION_ENDPOINT from DESCRIBE SECURITY INTEGRATION |\n", |
397 | 402 | "| Token URL | OAUTH_TOKEN_ENDPOINT from DESCRIBE SECURITY INTEGRATION |\n", |
398 | | - "| Scope | <empty>* |\n", |
| 403 | + "| Scope | session:role:your_role* |\n", |
399 | 404 | "| Token Exchange Method | Default (POST Request) |\n", |
400 | 405 | "\n", |
401 | 406 | "\n", |
402 | | - "*Snowflake scopes pass the role, but you’ll notice the action itself also specifies the role as a parameter in runQuery, so the Scope is unnecessary. You may elect to pass roles in the scope instead of the action parameters if it makes more sense for your GPT." |
| 407 | + "*Snowflake scopes pass the role in the format `session:role:<your_role>` for example `session:role:CHATGPT_INTEGRATION_ROLE`. It's possible to leave this empty and specify the role in the instructions, but by adding it here it becomes included in OAuth Consent Request which can sometimes be more reliable. " |
403 | 408 | ] |
404 | 409 | }, |
405 | 410 | { |
|
430 | 435 | }, |
431 | 436 | "outputs": [], |
432 | 437 | "source": [ |
433 | | - "ALTER SECURITY INTEGRATION CHATGPT_INTEGRATION_DEV SET OAUTH_REDIRECT_URI='https://chat.openai.com/aip/<callback_id>/oauth/callback';" |
| 438 | + "ALTER SECURITY INTEGRATION CHATGPT_INTEGRATION SET OAUTH_REDIRECT_URI='https://chat.openai.com/aip/<callback_id>/oauth/callback';" |
434 | 439 | ] |
435 | 440 | }, |
436 | 441 | { |
|
0 commit comments