公开(公告)号：US20220350794A1

公开(公告)日：2022-11-03

申请号：US17646200

申请日：2021-12-28

Applicant: Snowflake Inc.

Inventor： Srilakshmi Chintala ,  Istvan Cseri ,  Albert L. Hu ,  Isaac Kunen ,  Nitya Kumar Sharma ,  Igor Zinkovsky

IPC: G06F16/245 ,  G06F16/22 ,  G06F16/958

Abstract: A query referencing an external table function provided by a remote software component is received. Requests to execute the external table function on input data are sent to a proxy service. A first request includes a batch of input rows from the input data. A first response to the first request received from the proxy service includes a first portion of result data and a pagination token. The pagination token indicates that at least a second portion of the result data corresponding to the first batch of input rows is to be obtained from the remote software component. Based on the pagination token, a second request is sent to obtain the second portion of the result data. One or more responses are received from the proxy service that comprise at least the second portion of the result data. The result data is processed according to the query.

公开(公告)号：US11249829B2

公开(公告)日：2022-02-15

申请号：US17461576

申请日：2021-08-30

Applicant: Snowflake Inc.

Inventor： Istvan Cseri ,  Isaac Kunen ,  Igor Zinkovsky

IPC: G06F9/44 ,  G06F9/54 ,  H04L67/565 ,  H04L29/06 ,  G06F16/242

Abstract: A query referencing a function associated with a remote software component is received by a network-based data warehouse system. Temporary security credentials corresponding to a role at a cloud computing service platform are obtained. The role has permission to send calls to a web endpoint corresponding to the remote software component. A request comprising input data and electronically signed using the temporary security credentials is sent to a web Application Programming Interface (API) management system of the cloud computing service platform. The request, when received by the web API management system, causes the web API management system to invoke external functionality provided by the remote software component at the web endpoint with respect to the input data. A response comprising a result of invoking the external functionality is received from the web API management system, and the result data is processed according to the query.

公开(公告)号：US11243947B1

公开(公告)日：2022-02-08

申请号：US17388142

申请日：2021-07-29

Applicant: Snowflake Inc.

Inventor： Srilakshmi Chintala ,  Istvan Cseri ,  Albert L. Hu ,  Isaac Kunen ,  Nitya Kumar Sharma ,  Igor Zinkovsky

IPC: G06F16/00 ,  G06F16/245 ,  H04L29/06 ,  G06F16/22 ,  G06F16/958

Abstract: A query referencing an external table function provided by a remote software component is received. Requests to execute the external table function on input data are sent to a proxy service. A first request includes a batch of input rows from the input data. A first response to the first request received from the proxy service includes a first portion of result data and a pagination token. The pagination token indicates that at least a second portion of the result data corresponding to the first batch of input rows is to be obtained from the remote software component. Based on the pagination token, a second request is sent to obtain the second portion of the result data. One or more responses are received from the proxy service that comprise at least the second portion of the result data. The result data is processed according to the query.

公开(公告)号：US20210406311A1

公开(公告)日：2021-12-30

申请号：US17463325

申请日：2021-08-31

Applicant: Snowflake Inc.

Inventor： Elliott Brossard ,  Sukruth Komarla Sukumar ,  Isaac Kunen ,  Ju-yi Kuo ,  Jonathan Lee Leang ,  Edward Ma ,  Schuyler James Manchester ,  Polita Paulus ,  Saurin Shah ,  Igor Zinkovsky

IPC: G06F16/901 ,  G06F16/955 ,  G06F16/2455 ,  G06F16/22 ,  G06F16/908

Abstract: A file access system for user defined functions (UDFs) can be implemented on a distributed database system. The system can store UDF interfaces and file reference objects that can be called by other users. Upon a UDF being called, files on a stage, one or more interface objects (e.g., InputStream), and file reference objects can be implemented by execution nodes of the distributed database system. The execution nodes can implement multiple threads that are authenticated and can download file data from a staging location concurrently.

公开(公告)号：US20210374235A1

公开(公告)日：2021-12-02

申请号：US17352005

申请日：2021-06-18

Applicant: Snowflake Inc.

Inventor： Elliott Brossard ,  Derek Denny-Brown ,  Isaac Kunen ,  Soumitr Rajiv Pandey ,  Jacob Salassi ,  Srinath Shankar ,  Haowei Yu ,  Andong Zhan

IPC: G06F21/53 ,  G06F21/78 ,  G06F16/22 ,  G06F21/62 ,  H04L29/06 ,  G06F21/54

Abstract: The subject technology receives, in a computing process, a user defined function, the user defined function including code related to at least one operation to be performed. The subject technology determines by a security manager whether performing the at least one operation is permitted, the security manager determines restrictions, based at least in part on a security policy. The subject technology performs the at least one operation. The subject technology sends a result of the at least one operation to the computing process, where sending the result of the at least one operation utilizes a data transport mechanism that supports a network transfer of columnar data.

公开(公告)号：US11132243B2

公开(公告)日：2021-09-28

申请号：US17219858

申请日：2021-03-31

Applicant: Snowflake Inc.

Inventor： Istvan Cseri ,  Isaac Kunen ,  Igor Zinkovsky

IPC: G06G7/48 ,  G06F9/54 ,  G06F16/242 ,  H04L29/06 ,  H04L29/08

Abstract: A query referencing a function associated with a remote software component is received by a network-based data warehouse system. Temporary security credentials corresponding to a role at a cloud computing service platform are obtained. The role has permission to send calls to a web endpoint corresponding to the remote software component. A request comprising input data and electronically signed using the temporary security credentials is sent to a web Application Programming Interface (API) management system of the cloud computing service platform. The request, when received by the web API management system, causes the web API management system to invoke external functionality provided by the remote software component at the web endpoint with respect to the input data. A response comprising a result of invoking the external functionality is received from the web API management system, and the result data is processed according to the query.

公开(公告)号：US10810067B1

公开(公告)日：2020-10-20

申请号：US16821430

申请日：2020-03-17

Applicant: Snowflake Inc.

Inventor： Istvan Cseri ,  Isaac Kunen ,  Igor Zinkovsky

IPC: G06F9/44 ,  G06F9/54 ,  G06F16/242 ,  H04L29/06 ,  H04L29/08

Abstract: A query referencing a function associated with a remote software component is received by a network-based data warehouse system. Temporary security credentials corresponding to a role at a cloud computing service platform are obtained. The role has permission to send calls to a web endpoint corresponding to the remote software component. A request comprising input data and electronically signed using the temporary security credentials is sent to a web Application Programming Interface (API) management system of the cloud computing service platform. The request, when received by the web API management system, causes the web API management system to invoke external functionality provided by the remote software component at the web endpoint with respect to the input data. A response comprising a result of invoking the external functionality is received from the web API management system, and the result data is processed according to the query.

公开(公告)号：US12190181B2

公开(公告)日：2025-01-07

申请号：US18429367

申请日：2024-01-31

Applicant: Snowflake Inc.

Inventor： Isaac Kunen ,  Srinath Shankar ,  Zihan Li ,  Khushboo Bhatia ,  Edward Ma

IPC: G06F9/54 ,  G06F16/2455 ,  G06F16/28 ,  G06F21/53

Abstract: A database system configured to manage and execute stored procedures within a secure sandbox process. The system receives a response to a database query and, through an Application Programming Interface (API) executing within the sandbox process, converts the response into a remote procedure call. The sandbox process is modified to restrict communication with external networks while enabling communication with a designated execution node, which facilitates interaction between the stored procedure and database system components. The stored procedure, executing within the confines of the sandbox process, directs the API to communicate with the execution node. The execution node, in turn, submits the database query to the database system component.

公开(公告)号：US12118038B2

公开(公告)日：2024-10-15

申请号：US18063253

申请日：2022-12-08

Applicant: Snowflake Inc.

Inventor： Elliott Brossard ,  Sukruth Komarla Sukumar ,  Isaac Kunen ,  Ju-Yi Kuo ,  Jonathan Lee Leang ,  Edward Ma ,  Schuyler James Manchester ,  Polita Paulus ,  Saurin Shah ,  Igor Zinkovsky

IPC: G06F16/00 ,  G06F16/22 ,  G06F16/2455 ,  G06F16/901 ,  G06F16/908 ,  G06F16/955

CPC classification number: G06F16/9017 ,  G06F16/2282 ,  G06F16/24568 ,  G06F16/908 ,  G06F16/955

Abstract: A method includes decoding, by at least one hardware processor, a request for a user-defined function (UDF). The request includes a reference to one or more files. The method further includes generating, by the at least one hardware processor, the UDF based on the request. The UDF includes a file reference object with file path information corresponding to the reference. The file path information identifies a file path to the one or more files. A UDF call into the UDF is detected. The UDF call specifies the file path information. The UDF call is processed to generate result data using the one or more files.

公开(公告)号：US20240330437A1

公开(公告)日：2024-10-03

申请号：US18737362

申请日：2024-06-07

Applicant: Snowflake Inc.

Inventor： Thierry Cruanes ,  Ganeshan Ramachandran Iyer ,  Isaac Kunen

IPC: G06F21/54 ,  G06F16/2455 ,  G06F21/53 ,  G06F21/60

CPC classification number: G06F21/54 ,  G06F16/2455 ,  G06F21/53 ,  G06F21/602 ,  G06F2221/033

Abstract: The logging techniques described herein can enable using logging tools without having to use different methods for sandbox implementations and push out the log data to storage without problems. The log data is treated as sensitive data and is protected according to the defined security policies. Further, the results may be compressed and encrypted.