公开(公告)号：US11057381B1

公开(公告)日：2021-07-06

申请号：US16861739

申请日：2020-04-29

Applicant: Snowflake Inc.

Inventor： Derek Denny-Brown ,  Tyler Jones ,  Isaac Kunen

IPC: H04L29/06 ,  G06F21/31

Abstract: A credentials store definition identifying a remote credential store is received. The credential store definition includes access information to enable access to the remote credentials store. A credentials object is created in an internal database based on a credentials object definition. The credentials object identifies a security credential to retrieve from the remote credentials store to access an external resource. At runtime, a request to access the external resource is received, and based on receiving the request, the security credentials identified by the credentials object are retrieved from the remote credential store using the access information. The retrieved security credential is provided to a processing component to access the external resource.

公开(公告)号：US10997286B1

公开(公告)日：2021-05-04

申请号：US16945390

申请日：2020-07-31

Applicant: Snowflake Inc.

Inventor： Elliott Brossard ,  Derek Denny-Brown ,  Isaac Kunen ,  Soumitr Rajiv Pandey ,  Jacob Salassi ,  Srinath Shankar ,  Haowei Yu ,  Andong Zhan

IPC: G06F21/53 ,  G06F21/54 ,  G06F16/22 ,  G06F21/78 ,  H04L29/06 ,  G06F21/62

Abstract: The subject technology receives, in a first computing process, a user defined function, the user defined function including code related to at least one operation to be performed. The subject technology sends a request based on the at least one operation to a second computing process to perform, the second computing process being different than the first computing process and comprising a sandbox for executing the at least one operation. The subject technology receives, by the second computing process, the request. The subject technology determines, using at least a security policy, whether performing the at least one operation is permitted. The subject technology performs, in the second computing process, the least one operation. The subject technology sends, by the second computing process, a result of the at least one operation to the first computing process.

公开(公告)号：US10997005B1

公开(公告)日：2021-05-04

申请号：US17028466

申请日：2020-09-22

Applicant: Snowflake Inc.

Inventor： Istvan Cseri ,  Isaac Kunen ,  Igor Zinkovsky

IPC: G06F9/44 ,  G06F9/54 ,  G06F16/242 ,  H04L29/06 ,  H04L29/08

Abstract: A query referencing a function associated with a remote software component is received by a network-based data warehouse system. Temporary security credentials corresponding to a role at a cloud computing service platform are obtained. The role has permission to send calls to a web endpoint corresponding to the remote software component. A request comprising input data and electronically signed using the temporary security credentials is sent to a web Application Programming Interface (API) management system of the cloud computing service platform. The request, when received by the web API management system, causes the web API management system to invoke external functionality provided by the remote software component at the web endpoint with respect to the input data. A response comprising a result of invoking the external functionality is received from the web API management system, and the result data is processed according to the query.

公开(公告)号：US20210124633A1

公开(公告)日：2021-04-29

申请号：US17028466

申请日：2020-09-22

Applicant: Snowflake Inc.

Inventor： Istvan Cseri ,  Isaac Kunen ,  Igor Zinkovsky

IPC: G06F9/54 ,  G06F16/242 ,  H04L29/06 ,  H04L29/08

Abstract: A query referencing a function associated with a remote software component is received by a network-based data warehouse system. Temporary security credentials corresponding to a role at a cloud computing service platform are obtained. The role has permission to send calls to a web endpoint corresponding to the remote software component. A request comprising input data and electronically signed using the temporary security credentials is sent to a web Application Programming Interface (API) management system of the cloud computing service platform. The request, when received by the web API management system, causes the web API management system to invoke external functionality provided by the remote software component at the web endpoint with respect to the input data. A response comprising a result of invoking the external functionality is received from the web API management system, and the result data is processed according to the query.