Improvements to GPT Actions library - Snowflake Direct (#1410)

This commit is contained in:
ray-openai 2024-09-19 09:31:53 -07:00 committed by GitHub
parent 027ad902af
commit 2399022424
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -142,7 +142,7 @@
"\n", "\n",
"### OpenAPI Schema\n", "### OpenAPI Schema\n",
"\n", "\n",
"Once you've created a Custom GPT, copy the text below in the Actions panel. Have questions? Check out [Getting Started Example](https://platform.openai.com/docs/actions/getting-started) to see how this step works in more detail." "Once you've created a Custom GPT, copy the text below in the Actions panel. Update the servers url to match your Snowflake Account Name url plus `/api/v2` as described [here](https://docs.snowflake.com/en/user-guide/organizations-connect#standard-account-urls). Have questions? Check out [Getting Started Example](https://platform.openai.com/docs/actions/getting-started) to see how this step works in more detail."
] ]
}, },
{ {
@ -161,7 +161,7 @@
" version: 1.0.0\n", " version: 1.0.0\n",
" description: API for executing statements in Snowflake with specific warehouse and role settings.\n", " description: API for executing statements in Snowflake with specific warehouse and role settings.\n",
"servers:\n", "servers:\n",
" - url: 'https://<your server ID>.<your cloud region>.<your cloud provider>.snowflakecomputing.com/api/v2'\n", " - url: 'https://<orgname>-<account_name>.snowflakecomputing.com/api/v2'\n",
"\n", "\n",
"\n", "\n",
"paths:\n", "paths:\n",
@ -238,16 +238,53 @@
"cell_type": "markdown", "cell_type": "markdown",
"metadata": {}, "metadata": {},
"source": [ "source": [
"Before you set up authentication in ChatGPT, please take the following steps in the application." "Before you set up authentication in ChatGPT, please take the following steps in Snowflake.\n",
"\n",
"### 1. Optional: Configure IP Whitelisting for ChatGPT\n",
"Snowflake accounts with network policies that limit connections by IP, may require exceptions to be added for ChatGPT.\n",
"* Review the Snowflake documentation on [Network Policies](https://docs.snowflake.com/en/user-guide/network-policies)\n",
"* Go to the Snowflake Worksheets\n",
"* Create a network rule with the ChatGPT IP egress ranges listed [here](https://platform.openai.com/docs/actions/production/ip-egress-ranges)\n",
"* Create a corresponding Network Policy"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"vscode": {
"languageId": "yaml"
}
},
"outputs": [],
"source": [
"## Example with ChatGPT IPs as of September 19, 2024\n",
"## Make sure to get the current IP ranges from https://platform.openai.com/docs/actions/production\n",
"CREATE NETWORK RULE chatgpt_network_rule\n",
" MODE = INGRESS\n",
" TYPE = IPV4\n",
" VALUE_LIST = ('23.102.140.112/28',\n",
" '13.66.11.96/28',\n",
" '104.210.133.240/28',\n",
" '20.97.188.144/28',\n",
" '20.161.76.48/28',\n",
" '52.234.32.208/28',\n",
" '52.156.132.32/28',\n",
" '40.84.220.192/28',\n",
" '23.98.178.64/28',\n",
" '40.84.180.128/28');\n",
"\n",
"CREATE NETWORK POLICY chatgpt_network_policy\n",
" ALLOWED_NETWORK_RULE_LIST = ('chatgpt_network_rule');"
] ]
}, },
{ {
"cell_type": "markdown", "cell_type": "markdown",
"metadata": {}, "metadata": {},
"source": [ "source": [
"### 2. Set up the Securit Integration\n",
"* Review the Snowflake OAuth Overview: [https://docs.snowflake.com/en/user-guide/oauth-snowflake-overview](https://docs.snowflake.com/en/user-guide/oauth-snowflake-overview)\n", "* Review the Snowflake OAuth Overview: [https://docs.snowflake.com/en/user-guide/oauth-snowflake-overview](https://docs.snowflake.com/en/user-guide/oauth-snowflake-overview)\n",
"* Go to the Snowflake Worksheets\n", "* Create new OAuth credentials through a [Security Integration](https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-oauth-snowflake) - you will need a new one for each OAuth app/custom GPT since Snowflake Redirect URIs are 1-1 mapped to Security Integrations"
"* Create new OAuth credentials through a [Security Integration](https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-oauth-snowflake) - you will need a new one for each OAuth app/custom GPT since Snowflake Redirect URIs are 1-1 mapped to Security Integrations\n"
] ]
}, },
{ {
@ -267,7 +304,8 @@
" OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'\n", " OAUTH_CLIENT_TYPE = 'CONFIDENTIAL'\n",
" OAUTH_REDIRECT_URI = 'https://oauth.pstmn.io/v1/callback' --- // this is a temporary value while testing your integration. You will replace this with the value your GPT provides\n", " OAUTH_REDIRECT_URI = 'https://oauth.pstmn.io/v1/callback' --- // this is a temporary value while testing your integration. You will replace this with the value your GPT provides\n",
" OAUTH_ISSUE_REFRESH_TOKENS = TRUE\n", " OAUTH_ISSUE_REFRESH_TOKENS = TRUE\n",
" OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;" " OAUTH_REFRESH_TOKEN_VALIDITY = 7776000;\n",
" NETWORK_POLICY = chatgpt_network_policy --- // this line should only be included if you followed step 1 above"
] ]
}, },
{ {
@ -312,11 +350,30 @@
"metadata": {}, "metadata": {},
"source": [ "source": [
"\n", "\n",
"* Retrieve your OAuth Client Secret\n", "* Retrieve your OAuth Client Secret"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"vscode": {
"languageId": "yaml"
}
},
"outputs": [],
"source": [
"select SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('CHATGPT_INTEGRATION');"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"\n", "\n",
"Youll find the Client Secret in OAUTH_CLIENT_SECRET.\n", "Youll find the Client Secret in OAUTH_CLIENT_SECRET. Do not include the double quotes when copying the value.\n",
"\n", "\n",
"Youre now set to test your action in Postman. Once you get a successful API response there, you can proceed with your GPT Action." "Now is a good time to [test your Snowflake integration in Postman](https://community.snowflake.com/s/article/How-to-configure-postman-for-testing-SQL-API-with-OAuth). If you copnfigured a network policy for your security integration, ensure that it includes the IP of the machine you're using to test."
] ]
}, },
{ {
@ -332,12 +389,15 @@
"source": [ "source": [
"In ChatGPT, click on \"Authentication\" and choose \"OAuth\". Enter in the information below.\n", "In ChatGPT, click on \"Authentication\" and choose \"OAuth\". Enter in the information below.\n",
"\n", "\n",
"* Client ID: use Client ID from steps above\n", "| Form Field | Value |\n",
"* Client Secret: use Client Secret from steps above\n", "| -------- | -------- |\n",
"* Authorization URL: use Authorization Endpoint from steps above\n", "| Authentication Type | OAuth |\n",
"* Token URL: use Token Endpoint from steps above\n", "| Client ID | OAUTH_CLIENT_ID from SHOW_OAUTH_CLIENT_SECRETS |\n",
"* Scope: &lt;empty>*\n", "| Authorization URL | OAUTH_AUTHORIZATION_ENDPOINT from DESCRIBE SECURITY INTEGRATION |\n",
"* Token: Default (POST)\n", "| Token URL | OAUTH_TOKEN_ENDPOINT from DESCRIBE SECURITY INTEGRATION |\n",
"| Scope | &lt;empty>* |\n",
"| Token Exchange Method | Default (POST Request) |\n",
"\n",
"\n", "\n",
"*Snowflake scopes pass the role, but youll notice the action itself also specifies the role as a parameter in runQuery, so the Scope is unnecessary. You may elect to pass roles in the scope instead of the action parameters if it makes more sense for your GPT." "*Snowflake scopes pass the role, but youll notice the action itself also specifies the role as a parameter in runQuery, so the Scope is unnecessary. You may elect to pass roles in the scope instead of the action parameters if it makes more sense for your GPT."
] ]
@ -384,7 +444,7 @@
"cell_type": "markdown", "cell_type": "markdown",
"metadata": {}, "metadata": {},
"source": [ "source": [
"\n", "* The callback url can change if you update the YAML, double check it is correct when making changes.\n",
"* _Callback URL Error:_ If you get a callback URL error in ChatGPT, pay close attention to the Post-Action Steps above. You need to add the callback URL directly into your Security Integration for the action to authenticate correctly\n", "* _Callback URL Error:_ If you get a callback URL error in ChatGPT, pay close attention to the Post-Action Steps above. You need to add the callback URL directly into your Security Integration for the action to authenticate correctly\n",
"* _Schema calls the wrong warehouse or database:_ If ChatGPT calls the wrong warehouse or database, consider updating your instructions to make it more explicit either (a) which warehouse / database should be called or (b) to require the user provide those exact details before it runs the query\n" "* _Schema calls the wrong warehouse or database:_ If ChatGPT calls the wrong warehouse or database, consider updating your instructions to make it more explicit either (a) which warehouse / database should be called or (b) to require the user provide those exact details before it runs the query\n"
] ]