From 44ea387be9cb798dd4ce708776ce93011db3557b Mon Sep 17 00:00:00 2001 From: Ray Harris Date: Wed, 23 Oct 2024 09:21:47 -0700 Subject: [PATCH 01/11] a few fixes update IP addresses move erroneous comma update integration name for consistency --- .../gpt_action_snowflake_direct.ipynb | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb index 75631926b4..f285402bd5 100644 --- a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb +++ b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb @@ -266,12 +266,17 @@ " VALUE_LIST = ('23.102.140.112/28',\n", " '13.66.11.96/28',\n", " '104.210.133.240/28',\n", + " '70.37.60.192/28',\n", " '20.97.188.144/28',\n", " '20.161.76.48/28',\n", " '52.234.32.208/28',\n", " '52.156.132.32/28',\n", " '40.84.220.192/28',\n", " '23.98.178.64/28',\n", + " '51.8.155.32/28',\n", + " '20.246.77.240/28',\n", + " '172.178.141.0/28',\n", + " '172.178.141.192/28',\n", " '40.84.180.128/28');\n", "\n", "CREATE NETWORK POLICY chatgpt_network_policy\n", @@ -304,8 +309,8 @@ " OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'\n", " OAUTH_REDIRECT_URI = 'https://oauth.pstmn.io/v1/callback' --- // this is a temporary value while testing your integration. You will replace this with the value your GPT provides\n", " OAUTH_ISSUE_REFRESH_TOKENS = TRUE\n", - " OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;\n", - " NETWORK_POLICY = chatgpt_network_policy --- // this line should only be included if you followed step 1 above" + " OAUTH_REFRESH_TOKEN_VALIDITY = 7776000\n", + " NETWORK_POLICY = chatgpt_network_policy; --- // this line should only be included if you followed step 1 above" ] }, { @@ -430,7 +435,7 @@ }, "outputs": [], "source": [ - "ALTER SECURITY INTEGRATION CHATGPT_INTEGRATION_DEV SET OAUTH_REDIRECT_URI='https://chat.openai.com/aip//oauth/callback';" + "ALTER SECURITY INTEGRATION CHATGPT_INTEGRATION SET OAUTH_REDIRECT_URI='https://chat.openai.com/aip//oauth/callback';" ] }, { From 0f3e675072da197a4873a114de405618ad6cf6ca Mon Sep 17 00:00:00 2001 From: Ray Harris Date: Wed, 23 Oct 2024 09:23:55 -0700 Subject: [PATCH 02/11] easy secret fetching --- .../gpt_actions_library/gpt_action_snowflake_direct.ipynb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb index f285402bd5..6454acd436 100644 --- a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb +++ b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb @@ -368,7 +368,7 @@ }, "outputs": [], "source": [ - "select SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('CHATGPT_INTEGRATION');" + "SELECT trim(parse_json(SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('CHATGPT_INTEGRATION')):OAUTH_CLIENT_ID) AS OAUTH_CLIENT_ID, trim(parse_json(SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('CHATGPT_INTEGRATION')):OAUTH_CLIENT_SECRET) AS OAUTH_CLIENT_SECRET;" ] }, { @@ -398,6 +398,7 @@ "| -------- | -------- |\n", "| Authentication Type | OAuth |\n", "| Client ID | OAUTH_CLIENT_ID from SHOW_OAUTH_CLIENT_SECRETS |\n", + "| Client Secret | OAUTH_CLIENT_SECRET from SHOW_OAUTH_CLIENT_SECRETS |\n", "| Authorization URL | OAUTH_AUTHORIZATION_ENDPOINT from DESCRIBE SECURITY INTEGRATION |\n", "| Token URL | OAUTH_TOKEN_ENDPOINT from DESCRIBE SECURITY INTEGRATION |\n", "| Scope | <empty>* |\n", From 72037226fe60c50ef8fe3d00f55bf37e2033dbe0 Mon Sep 17 00:00:00 2001 From: Ray Harris Date: Wed, 23 Oct 2024 09:24:29 -0700 Subject: [PATCH 03/11] remove backticks --- .../gpt_actions_library/gpt_action_snowflake_direct.ipynb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb index 6454acd436..2368b1f94d 100644 --- a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb +++ b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb @@ -125,7 +125,7 @@ "**Context**: You are an expert at writing Snowflake SQL queries. A user is going to ask you a question. \n", "\n", "**Instructions**:\n", - "1. No matter the user's question, start by running `runQuery` operation using this query: \"SELECT column_name, table_name, data_type, comment FROM `{database}.INFORMATION_SCHEMA.COLUMNS`\" \n", + "1. No matter the user's question, start by running `runQuery` operation using this query: \"SELECT column_name, table_name, data_type, comment FROM {database}.INFORMATION_SCHEMA.COLUMNS\" \n", "-- Assume warehouse = \"\", database = \"\", unless the user provides different values \n", "2. Convert the user's question into a SQL statement that leverages the step above and run the `runQuery` operation on that SQL statement to confirm the query works. Add a limit of 100 rows\n", "3. Now remove the limit of 100 rows and return back the query for the user to see\n", From c5b27f488d8256e7b1c2b8a7e2a27d95a8ee7915 Mon Sep 17 00:00:00 2001 From: Ray Harris Date: Wed, 23 Oct 2024 09:27:07 -0700 Subject: [PATCH 04/11] formatting --- .../gpt_actions_library/gpt_action_snowflake_direct.ipynb | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb index 2368b1f94d..6de1bd7e1e 100644 --- a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb +++ b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb @@ -368,16 +368,15 @@ }, "outputs": [], "source": [ - "SELECT trim(parse_json(SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('CHATGPT_INTEGRATION')):OAUTH_CLIENT_ID) AS OAUTH_CLIENT_ID, trim(parse_json(SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('CHATGPT_INTEGRATION')):OAUTH_CLIENT_SECRET) AS OAUTH_CLIENT_SECRET;" + "SELECT \n", + "trim(parse_json(SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('CHATGPT_INTEGRATION')):OAUTH_CLIENT_ID) AS OAUTH_CLIENT_ID\n", + ", trim(parse_json(SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('CHATGPT_INTEGRATION')):OAUTH_CLIENT_SECRET) AS OAUTH_CLIENT_SECRET;" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ - "\n", - "You’ll find the Client Secret in OAUTH_CLIENT_SECRET. Do not include the double quotes when copying the value.\n", - "\n", "Now is a good time to [test your Snowflake integration in Postman](https://community.snowflake.com/s/article/How-to-configure-postman-for-testing-SQL-API-with-OAuth). If you configured a network policy for your security integration, ensure that it includes the IP of the machine you're using to test." ] }, From d418905b9c7c2442c696146943290f3294742a14 Mon Sep 17 00:00:00 2001 From: Ray Harris Date: Wed, 23 Oct 2024 09:27:44 -0700 Subject: [PATCH 05/11] wording --- .../gpt_actions_library/gpt_action_snowflake_direct.ipynb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb index 6de1bd7e1e..c7d234791c 100644 --- a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb +++ b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb @@ -355,7 +355,7 @@ "metadata": {}, "source": [ "\n", - "* Retrieve your OAuth Client Secret" + "* Retrieve your OAuth Client Secret using SHOW_OAUTH_CLIENT_SECRETS" ] }, { From 8bb29cd268cb7ea976eaf536b44bb36103bdef31 Mon Sep 17 00:00:00 2001 From: Ray Harris Date: Wed, 23 Oct 2024 09:31:35 -0700 Subject: [PATCH 06/11] use role in the auth instead of only instructions --- .../gpt_actions_library/gpt_action_snowflake_direct.ipynb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb index c7d234791c..286d23d78f 100644 --- a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb +++ b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb @@ -400,11 +400,11 @@ "| Client Secret | OAUTH_CLIENT_SECRET from SHOW_OAUTH_CLIENT_SECRETS |\n", "| Authorization URL | OAUTH_AUTHORIZATION_ENDPOINT from DESCRIBE SECURITY INTEGRATION |\n", "| Token URL | OAUTH_TOKEN_ENDPOINT from DESCRIBE SECURITY INTEGRATION |\n", - "| Scope | <empty>* |\n", + "| Scope | session:role:* |\n", "| Token Exchange Method | Default (POST Request) |\n", "\n", "\n", - "*Snowflake scopes pass the role, but you’ll notice the action itself also specifies the role as a parameter in runQuery, so the Scope is unnecessary. You may elect to pass roles in the scope instead of the action parameters if it makes more sense for your GPT." + "*Snowflake scopes pass the role in the format `session:role:` for example `session:role:CHATGPT_INTEGRATION_ROLE`. It's possible to leave this empty and specify the role in the instructions, but by adding it here it becomes included in OAuth Consent Request which can sometimes be more reliable. " ] }, { From 7adcf089524579bbc5fc4974198149c6a83b3a8f Mon Sep 17 00:00:00 2001 From: Ray Harris Date: Wed, 23 Oct 2024 09:32:11 -0700 Subject: [PATCH 07/11] visibility of role sample --- .../gpt_actions_library/gpt_action_snowflake_direct.ipynb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb index 286d23d78f..3bf40b8abe 100644 --- a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb +++ b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb @@ -400,7 +400,7 @@ "| Client Secret | OAUTH_CLIENT_SECRET from SHOW_OAUTH_CLIENT_SECRETS |\n", "| Authorization URL | OAUTH_AUTHORIZATION_ENDPOINT from DESCRIBE SECURITY INTEGRATION |\n", "| Token URL | OAUTH_TOKEN_ENDPOINT from DESCRIBE SECURITY INTEGRATION |\n", - "| Scope | session:role:* |\n", + "| Scope | session:role:your_role* |\n", "| Token Exchange Method | Default (POST Request) |\n", "\n", "\n", From 61cb559ef5212d69f8d12b9e7cbd455c2f49df99 Mon Sep 17 00:00:00 2001 From: Ray Harris Date: Wed, 23 Oct 2024 09:32:51 -0700 Subject: [PATCH 08/11] consistency of role identifier --- .../gpt_actions_library/gpt_action_snowflake_direct.ipynb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb index 3bf40b8abe..accc5ea98d 100644 --- a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb +++ b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb @@ -129,7 +129,7 @@ "-- Assume warehouse = \"\", database = \"\", unless the user provides different values \n", "2. Convert the user's question into a SQL statement that leverages the step above and run the `runQuery` operation on that SQL statement to confirm the query works. Add a limit of 100 rows\n", "3. Now remove the limit of 100 rows and return back the query for the user to see\n", - "4. Use the role when querying Snowflake\n", + "4. Use the role when querying Snowflake\n", "5. Run each step in sequence. Explain what you are doing in a few sentences, run the action, and then explain what you learned. This will help the user understand the reason behind your workflow. \n", "\n", "**Additional Notes**: If the user says \"Let's get started\", explain that the user can provide a project or dataset, along with a question they want answered. If the user has no ideas, suggest that we have a sample flights dataset they can query - ask if they want you to query that" @@ -404,7 +404,7 @@ "| Token Exchange Method | Default (POST Request) |\n", "\n", "\n", - "*Snowflake scopes pass the role in the format `session:role:` for example `session:role:CHATGPT_INTEGRATION_ROLE`. It's possible to leave this empty and specify the role in the instructions, but by adding it here it becomes included in OAuth Consent Request which can sometimes be more reliable. " + "*Snowflake scopes pass the role in the format `session:role:` for example `session:role:CHATGPT_INTEGRATION_ROLE`. It's possible to leave this empty and specify the role in the instructions, but by adding it here it becomes included in OAuth Consent Request which can sometimes be more reliable. " ] }, { From a078d0fd676211f89034dc163d8db7eeed2e9479 Mon Sep 17 00:00:00 2001 From: Ray Harris Date: Wed, 23 Oct 2024 09:37:12 -0700 Subject: [PATCH 09/11] update date --- .../gpt_actions_library/gpt_action_snowflake_direct.ipynb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb index accc5ea98d..7172f9db33 100644 --- a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb +++ b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb @@ -258,7 +258,7 @@ }, "outputs": [], "source": [ - "## Example with ChatGPT IPs as of September 19, 2024\n", + "## Example with ChatGPT IPs as of October 23, 2024\n", "## Make sure to get the current IP ranges from https://platform.openai.com/docs/actions/production\n", "CREATE NETWORK RULE chatgpt_network_rule\n", " MODE = INGRESS\n", From bff39d661387fc59a10342693f4886a2a66e7013 Mon Sep 17 00:00:00 2001 From: Ray Harris Date: Wed, 23 Oct 2024 09:42:52 -0700 Subject: [PATCH 10/11] test details --- .../gpt_action_snowflake_direct.ipynb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb index 7172f9db33..ef1ad02eab 100644 --- a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb +++ b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb @@ -95,6 +95,16 @@ "* Ensure that the user authenticating into Snowflake via ChatGPT has access to the database, schemas, and tables with the necessary role" ] }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "
\n", + " Click to expand\n", + " This is the content of the collapsible section. You can include any Markdown-formatted text, lists, or code here.\n", + "
" + ] + }, { "cell_type": "markdown", "metadata": {}, From ea3a4556bb218713118e74aa664d7691f3ca8d76 Mon Sep 17 00:00:00 2001 From: Ray Harris Date: Wed, 23 Oct 2024 09:43:54 -0700 Subject: [PATCH 11/11] Revert "test details" This reverts commit bff39d661387fc59a10342693f4886a2a66e7013. --- .../gpt_action_snowflake_direct.ipynb | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb index ef1ad02eab..7172f9db33 100644 --- a/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb +++ b/examples/chatgpt/gpt_actions_library/gpt_action_snowflake_direct.ipynb @@ -95,16 +95,6 @@ "* Ensure that the user authenticating into Snowflake via ChatGPT has access to the database, schemas, and tables with the necessary role" ] }, - { - "cell_type": "markdown", - "metadata": {}, - "source": [ - "
\n", - " Click to expand\n", - " This is the content of the collapsible section. You can include any Markdown-formatted text, lists, or code here.\n", - "
" - ] - }, { "cell_type": "markdown", "metadata": {},