faucet-source-snowflake
Snowflake query source connector for the faucet-stream ecosystem. Executes a SQL statement against Snowflake via the SQL REST API and streams rows back as serde_json::Value records.
Features
- JWT key-pair and OAuth bearer authentication —
SnowflakeAuthre-exported fromfaucet-common-snowflake; credentials are masked inDebugoutput. - Server-side partitioning — large result sets are paged via
GET /api/v2/statements/{handle}?partition=N; one HTTP round-trip per partition, no client-side buffering of unrelated partitions. - Configurable batching —
batch_sizere-frames partitions into pages forSource::stream_pages;batch_size = 0opts out of re-chunking and emits the full result set as one page. - Async / sync handling — if Snowflake returns
202 Accepted(statement still running), the source polls the handle until the result is ready, bounded bypoll_timeout(default 300 s;0= poll forever) so a stuck statement fails instead of hanging. - Bind parameters — positional
paramsfrom config are merged with${parent.path}tokens resolved from the matrix-row context. Each bind's Snowflake type is inferred from the JSON value (FIXEDfor integers,REALfor floats,BOOLEANfor bools,TEXTotherwise), so numeric/boolean binds compare against typed columns instead of being forced toTEXT. - Type-aware row conversion —
FIXED,REAL,BOOLEAN, andVARIANT/OBJECT/ARRAYcolumns are parsed into native JSON shapes; everything else (timestamps, dates, binary) passes through as strings. A scale-0FIXED/NUMBERvalue beyondu64(e.g.NUMBER(38,0)) is kept as a string rather than a lossyf64, preserving full precision (the same approach as BigQuery NUMERIC).
Configuration
type: snowflake
config:
account: xy12345.us-east-1
warehouse: COMPUTE_WH
database: ANALYTICS
schema: PUBLIC
role: ANALYST # optional
auth:
type: oauth
config:
token: ${env:SNOWFLAKE_OAUTH_TOKEN}
query: |
SELECT id, name, created_at
FROM events
WHERE created_at >= ?
params:
- "2026-01-01"
statement_timeout: 60 # seconds, defaults to 60
poll_timeout: 300 # seconds, defaults to 300; 0 = poll forever
batch_size: 1000 # default, or 0 to disable re-chunking
Key-pair authentication
auth:
type: key_pair
config:
user: SVC_LOAD
private_key_pem: ${file:/etc/secrets/snowflake.pem}
The source generates an RS256 JWT per request (1-hour expiry) signed with the configured PEM key and sends it in the Authorization: Bearer ... header along with X-Snowflake-Authorization-Token-Type: KEYPAIR_JWT.
Library use
use Source;
use ;
# async
License
MIT OR Apache-2.0