From 15f6414bc45f6740daac5377c3e51aba8fb96a8c Mon Sep 17 00:00:00 2001 From: mirnawong1 Date: Tue, 19 Sep 2023 12:32:12 +0100 Subject: [PATCH 1/4] clarifying based on user confusion --- .../connect-snowflake.md | 37 ++++++++++++++----- 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md b/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md index 4f31c56e8aa..12a6b2afa49 100644 --- a/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md +++ b/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md @@ -34,27 +34,31 @@ to authenticate dbt Cloud to run queries against Snowflake on behalf of a Snowfl The `Keypair` auth method uses Snowflake's [Key Pair Authentication](https://docs.snowflake.com/en/user-guide/python-connector-example.html#using-key-pair-authentication) to authenticate Development or Deployment credentials for a dbt Cloud project. -After [generating an encrypted key pair](https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication), be sure to set the `rsa_public_key` for the Snowflake user to authenticate in dbt Cloud: +1. After [generating an encrypted key pair](https://docs.snowflake.com/en/user-guide/key-pair-auth.html#configuring-key-pair-authentication), be sure to set the `rsa_public_key` for the Snowflake user to authenticate in dbt Cloud: ```sql alter user jsmith set rsa_public_key='MIIBIjANBgkqh...'; ``` -Finally, set the "Private Key" and "Private Key Passphrase" fields in the "Edit -Credentials" page to finish configuring dbt Cloud to authenticate with Snowflake -using a key pair. +2. Finally, set the **Private Key** and **Private Key Passphrase** fields in the **Edit Credentials** page to finish configuring dbt Cloud to authenticate with Snowflake using a key pair. + + **Note:** At this time ONLY Encrypted Private Keys are supported by dbt Cloud, and the keys must be of size 4096 or smaller. -**Note:** At this time ONLY Encrypted Private Keys are supported by dbt Cloud, and the keys must be of size 4096 or smaller. - -In order to successfully fill in the Private Key field, you **must** include the commented lines below when you add the passphrase. Leaving the `PRIVATE KEY PASSPHRASE` field empty will return an error - have a look at the examples below: +3. To successfully fill in the Private Key field, you **must** include commented lines when you add the passphrase. + +Leaving the **Private Key Passphrase** field empty will return an error. If you're receiving a `Could not deserialize key data` or `JWT token` error, refer to [Troubleshooting](#troubleshooting) for more info. **Example:** + ```sql -----BEGIN ENCRYPTED PRIVATE KEY----- -< encrypted private key contents here > +< encrypted private key contents here - line 1 > +< encrypted private key contents here - line 2 > +< ... > -----END ENCRYPTED PRIVATE KEY----- ``` - + + ### Snowflake OAuth @@ -68,3 +72,18 @@ more information on configuring a Snowflake OAuth connection in dbt Cloud, pleas ## Configuration To learn how to optimize performance with data platform-specific configurations in dbt Cloud, refer to [Snowflake-specific configuration](/reference/resource-configs/snowflake-configs). + +## Troubleshooting + + +If you're receiving a `Could not deserialize key data` or `JWT token` error, refer to the following causes and solutions: + +- **Error: `Could not deserialize key data`** + - Possible causes — This might be due incorrect copying or the not including dashes or commented lines. + - Solution — You can either manually type the key values or copy the key from its source and paste it into a text editor to verify it before using it in dbt Cloud. + +- **Error: `JWT token`** + - Possible causes — When connecting to Snowflake, dbt gets a JWT token valid for only 60 seconds. If there's no response from Snowflake within this time, you might see a `JWT token is invalid` error in dbt Cloud. Snowflake's 60-second token rule can sometimes reveal issues like NTP server synchronization problems (server clocks not aligned), network latency, or token problems. + - Solution — Confirm mismatches between Snowflake's expected public or private keys or any Snowflake connection parameter errors (such as incorrect login details). Additionally, you can reach out to Snowflake for help or refer to this Snowflake doc for more info: [Key-Based Authentication Failed with JWT token is invalid Error](https://community.snowflake.com/s/article/Key-Based-Authentication-Failed-with-JWT-token-is-invalid-Error). + + From 913f6b57b3fe6bcd43819dc0ca07f86651545b2c Mon Sep 17 00:00:00 2001 From: mirnawong1 Date: Mon, 25 Sep 2023 10:14:57 +0100 Subject: [PATCH 2/4] update troubleshooting and fix typo --- .../cloud/connect-data-platform/connect-snowflake.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md b/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md index 12a6b2afa49..4bb6a456fcc 100644 --- a/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md +++ b/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md @@ -30,6 +30,7 @@ to authenticate dbt Cloud to run queries against Snowflake on behalf of a Snowfl ### Key Pair + **Available in:** Development environments, Deployment environments The `Keypair` auth method uses Snowflake's [Key Pair Authentication](https://docs.snowflake.com/en/user-guide/python-connector-example.html#using-key-pair-authentication) to authenticate Development or Deployment credentials for a dbt Cloud project. @@ -79,11 +80,11 @@ To learn how to optimize performance with data platform-specific configurations If you're receiving a `Could not deserialize key data` or `JWT token` error, refer to the following causes and solutions: - **Error: `Could not deserialize key data`** - - Possible causes — This might be due incorrect copying or the not including dashes or commented lines. + - Possible causes — This could be because of mistakes like not copying correctly, missing dashes, or leaving out commented lines. - Solution — You can either manually type the key values or copy the key from its source and paste it into a text editor to verify it before using it in dbt Cloud. - **Error: `JWT token`** - - Possible causes — When connecting to Snowflake, dbt gets a JWT token valid for only 60 seconds. If there's no response from Snowflake within this time, you might see a `JWT token is invalid` error in dbt Cloud. Snowflake's 60-second token rule can sometimes reveal issues like NTP server synchronization problems (server clocks not aligned), network latency, or token problems. - - Solution — Confirm mismatches between Snowflake's expected public or private keys or any Snowflake connection parameter errors (such as incorrect login details). Additionally, you can reach out to Snowflake for help or refer to this Snowflake doc for more info: [Key-Based Authentication Failed with JWT token is invalid Error](https://community.snowflake.com/s/article/Key-Based-Authentication-Failed-with-JWT-token-is-invalid-Error). - - + - Possible causes — This could be transient issue between Snowflake and dbt Cloud. When connecting to Snowflake, dbt gets a JWT token valid for only 60 seconds. If there's no response from Snowflake within this time, you might see a `JWT token is invalid` error in dbt Cloud. + - Solution — This requires dbt being able to retry connections to Snowflake.

+ - Possible causes — The public key was not entered correctly in Snowflake. + - Solution — You can confirm and enter Snowflake's public key. Additionally, you can reach out to Snowflake for help or refer to this Snowflake doc for more info: [Key-Based Authentication Failed with JWT token is invalid Error](https://community.snowflake.com/s/article/Key-Based-Authentication-Failed-with-JWT-token-is-invalid-Error). From b7c69a53c3ef09be8dc47e17258c5615863ac229 Mon Sep 17 00:00:00 2001 From: mirnawong1 Date: Mon, 25 Sep 2023 11:44:44 +0100 Subject: [PATCH 3/4] folding in benoit's feedback --- .../connect-snowflake.md | 42 +++++++++++++------ 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md b/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md index 4bb6a456fcc..54c7ec71038 100644 --- a/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md +++ b/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md @@ -41,11 +41,13 @@ The `Keypair` auth method uses Snowflake's [Key Pair Authentication](https://doc alter user jsmith set rsa_public_key='MIIBIjANBgkqh...'; ``` -2. Finally, set the **Private Key** and **Private Key Passphrase** fields in the **Edit Credentials** page to finish configuring dbt Cloud to authenticate with Snowflake using a key pair. +1. Finally, set the **Private Key** and **Private Key Passphrase** fields in the **Credentials** page to finish configuring dbt Cloud to authenticate with Snowflake using a key pair. **Note:** At this time ONLY Encrypted Private Keys are supported by dbt Cloud, and the keys must be of size 4096 or smaller. -3. To successfully fill in the Private Key field, you **must** include commented lines when you add the passphrase. + + +2. To successfully fill in the Private Key field, you **must** include commented lines when you add the passphrase. Leaving the **Private Key Passphrase** field empty will return an error. If you're receiving a `Could not deserialize key data` or `JWT token` error, refer to [Troubleshooting](#troubleshooting) for more info. @@ -59,8 +61,6 @@ Leaving the **Private Key Passphrase** field empty will return an error. If you -----END ENCRYPTED PRIVATE KEY----- ``` - - ### Snowflake OAuth **Available in:** Development environments, Enterprise plans only @@ -79,12 +79,30 @@ To learn how to optimize performance with data platform-specific configurations If you're receiving a `Could not deserialize key data` or `JWT token` error, refer to the following causes and solutions: -- **Error: `Could not deserialize key data`** - - Possible causes — This could be because of mistakes like not copying correctly, missing dashes, or leaving out commented lines. - - Solution — You can either manually type the key values or copy the key from its source and paste it into a text editor to verify it before using it in dbt Cloud. +
+ +Error: Could not deserialize key data + + - Possible cause + + - This could be because of mistakes like not copying correctly, missing dashes, or leaving out commented lines. + - Solution + + - You can copy the key from its source and paste it into a text editor to verify it before using it in dbt Cloud. + +
+ +
+Error: JWT token + + - Possible causes + + - This could be transient issue between Snowflake and dbt Cloud. When connecting to Snowflake, dbt gets a JWT token valid for only 60 seconds. If there's no response from Snowflake within this time, you might see a `JWT token is invalid` error in dbt Cloud. + - The public key was not entered correctly in Snowflake. + + - Solutions + + - dbt needs to retry connections to Snowflake. + - Confirm and enter Snowflake's public key correctly. Additionally, you can reach out to Snowflake for help or refer to this Snowflake doc for more info: [Key-Based Authentication Failed with JWT token is invalid Error](https://community.snowflake.com/s/article/Key-Based-Authentication-Failed-with-JWT-token-is-invalid-Error). -- **Error: `JWT token`** - - Possible causes — This could be transient issue between Snowflake and dbt Cloud. When connecting to Snowflake, dbt gets a JWT token valid for only 60 seconds. If there's no response from Snowflake within this time, you might see a `JWT token is invalid` error in dbt Cloud. - - Solution — This requires dbt being able to retry connections to Snowflake.

- - Possible causes — The public key was not entered correctly in Snowflake. - - Solution — You can confirm and enter Snowflake's public key. Additionally, you can reach out to Snowflake for help or refer to this Snowflake doc for more info: [Key-Based Authentication Failed with JWT token is invalid Error](https://community.snowflake.com/s/article/Key-Based-Authentication-Failed-with-JWT-token-is-invalid-Error). +
From 282a075c1943b6e7e3d658e680d49f7efc7573c2 Mon Sep 17 00:00:00 2001 From: mirnawong1 Date: Tue, 26 Sep 2023 10:34:16 +0100 Subject: [PATCH 4/4] fix numbering --- .../cloud/connect-data-platform/connect-snowflake.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md b/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md index 54c7ec71038..62a58f6e1c5 100644 --- a/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md +++ b/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md @@ -41,15 +41,11 @@ The `Keypair` auth method uses Snowflake's [Key Pair Authentication](https://doc alter user jsmith set rsa_public_key='MIIBIjANBgkqh...'; ``` -1. Finally, set the **Private Key** and **Private Key Passphrase** fields in the **Credentials** page to finish configuring dbt Cloud to authenticate with Snowflake using a key pair. +2. Finally, set the **Private Key** and **Private Key Passphrase** fields in the **Credentials** page to finish configuring dbt Cloud to authenticate with Snowflake using a key pair. **Note:** At this time ONLY Encrypted Private Keys are supported by dbt Cloud, and the keys must be of size 4096 or smaller. - - -2. To successfully fill in the Private Key field, you **must** include commented lines when you add the passphrase. - -Leaving the **Private Key Passphrase** field empty will return an error. If you're receiving a `Could not deserialize key data` or `JWT token` error, refer to [Troubleshooting](#troubleshooting) for more info. +3. To successfully fill in the Private Key field, you **must** include commented lines when you add the passphrase. Leaving the **Private Key Passphrase** field empty will return an error. If you're receiving a `Could not deserialize key data` or `JWT token` error, refer to [Troubleshooting](#troubleshooting) for more info. **Example:** @@ -61,6 +57,8 @@ Leaving the **Private Key Passphrase** field empty will return an error. If you -----END ENCRYPTED PRIVATE KEY----- ``` + + ### Snowflake OAuth **Available in:** Development environments, Enterprise plans only @@ -97,7 +95,7 @@ If you're receiving a `Could not deserialize key data` or `JWT token` error, ref - Possible causes - - This could be transient issue between Snowflake and dbt Cloud. When connecting to Snowflake, dbt gets a JWT token valid for only 60 seconds. If there's no response from Snowflake within this time, you might see a `JWT token is invalid` error in dbt Cloud. + - This could be a transient issue between Snowflake and dbt Cloud. When connecting to Snowflake, dbt gets a JWT token valid for only 60 seconds. If there's no response from Snowflake within this time, you might see a `JWT token is invalid` error in dbt Cloud. - The public key was not entered correctly in Snowflake. - Solutions