Fluid Forge
Why Forge
Concepts
Get Started
  • Consume a Data Product
  • See it run
  • Demos
  • Local (DuckDB)
  • Source-Aligned (Postgres → DuckDB)
  • AI Forge + Data Models
  • MCP Output Port — Serve to AI Agents
  • GCP (BigQuery)
  • Snowflake Team Collaboration
  • Declarative Airflow
  • Orchestration Export
  • Jenkins CI/CD
  • Universal Pipeline
  • 11-Stage Production Pipeline
  • Catalog Forge End-to-End
CLI Reference
  • Agent Policy (concept)
  • MCP Output Port — Serve to Agents
  • MCP deep-dive
  • AI-assisted authoring
  • LLM providers & backends
  • Overview
  • Quickstart
  • Examples
  • Your own CI
  • Your own scaffolding
  • Custom validator
  • Apply hook
  • Reference
  • Overview
  • Architecture
  • GCP (BigQuery)
  • AWS (S3 + Athena)
  • Snowflake
  • Local (DuckDB)
  • Custom Providers
  • Roadmap
GitHub
Why Forge
Concepts
Get Started
  • Consume a Data Product
  • See it run
  • Demos
  • Local (DuckDB)
  • Source-Aligned (Postgres → DuckDB)
  • AI Forge + Data Models
  • MCP Output Port — Serve to AI Agents
  • GCP (BigQuery)
  • Snowflake Team Collaboration
  • Declarative Airflow
  • Orchestration Export
  • Jenkins CI/CD
  • Universal Pipeline
  • 11-Stage Production Pipeline
  • Catalog Forge End-to-End
CLI Reference
  • Agent Policy (concept)
  • MCP Output Port — Serve to Agents
  • MCP deep-dive
  • AI-assisted authoring
  • LLM providers & backends
  • Overview
  • Quickstart
  • Examples
  • Your own CI
  • Your own scaffolding
  • Custom validator
  • Apply hook
  • Reference
  • Overview
  • Architecture
  • GCP (BigQuery)
  • AWS (S3 + Athena)
  • Snowflake
  • Local (DuckDB)
  • Custom Providers
  • Roadmap
GitHub
  • Introduction

    • Home
    • Why Fluid Forge
    • Getting Started
    • Snowflake Quickstart
    • See it run
    • Forge Data Model
    • Vision & Roadmap
    • Playground
    • FAQ
  • Concepts

    • Concepts
    • Builds, Exposes, Bindings
    • What is a contract?
    • Quality, SLAs & Lineage
    • Governance & Policy
    • Agent Policy (LLM/AI governance)
    • Providers vs Platforms
    • Fluid Forge vs alternatives
  • Data Products

    • Consume a Data Product
    • Product Types — SDP, ADP, CDP
  • Walkthroughs

    • Walkthrough: Local Development
    • Source-Aligned: Postgres → DuckDB → Parquet
    • AI Forge And Data-Model Journeys
    • Walkthrough: MCP Output Port
    • Walkthrough: Deploy to Google Cloud Platform
    • Walkthrough: Snowflake Team Collaboration
    • Declarative Airflow DAG Generation - The FLUID Way
    • Generating Orchestration Code from Contracts
    • Jenkins CI/CD for FLUID Data Products
    • Universal Pipeline
    • The 11-Stage Pipeline
    • End-to-End Walkthrough: Catalog → Contract → Transformation
  • CLI Reference

    • CLI Reference
    • Core workflow

      • fluid init
      • fluid demo
      • fluid forge
      • fluid validate
      • fluid plan
      • fluid apply
      • fluid diff
      • fluid status
    • Build & ship

      • fluid bundle
      • fluid generate
      • fluid generate artifacts
      • fluid validate-artifacts
      • fluid verify-signature
      • fluid generate iac
      • fluid generate-airflow
      • fluid generate-pipeline
      • fluid viz-graph
      • fluid publish
      • fluid ship
      • fluid rollback
      • fluid schedule-sync
    • AI & Agents

      • fluid ai
      • fluid agents
      • fluid mcp
      • fluid memory
      • fluid stats
      • fluid skills
    • Quality & governance

      • fluid test
      • fluid verify
      • fluid contract-tests
      • fluid contract-validation
      • fluid policy
      • fluid policy check
      • fluid policy compile
      • fluid policy apply
    • Standards & interoperability

      • fluid odps
      • fluid odps-bitol
      • fluid odcs
      • fluid export
      • fluid export-odps
      • fluid exporters
      • fluid import
      • fluid market
      • fluid datamesh-manager
    • Project & workspace

      • fluid product-new
      • fluid product-add
      • fluid workspace
      • fluid contract
      • fluid split
      • fluid config
      • fluid providers
      • fluid plugins
      • fluid provider-init
      • fluid auth
      • fluid secrets
      • fluid ide
      • fluid scaffold-ci
      • fluid scaffold-composer
      • fluid scaffold-ide
      • fluid docs
      • fluid runs
      • fluid retention
      • fluid describe
      • fluid doctor
      • fluid roadmap
      • fluid version
    • Catalog adapters

      • Source Catalog Integration (V1.5)
      • Publishing to a Catalog — Overview
      • BigQuery Catalog
      • Snowflake Horizon Catalog
      • Databricks Unity Catalog
      • Google Dataplex Catalog
      • AWS Glue Data Catalog
      • DataHub Catalog
      • Data Mesh Manager Catalog
      • OpenMetadata Catalog
    • CLI by task

      • CLI by task
      • Add quality rules
      • Add agent governance
      • Debug a failed pipeline run
      • Switch clouds with one line
  • Recipes

    • Recipes
    • Recipe — add a quality rule
    • Recipe — switch clouds with one line
    • Recipe — tag PII in your schema
    • Write a contract that consumes another contract
    • Generate per-environment overlays
  • SDK & Plugins

    • SDK & Plugins
    • Quickstart — your first plugin
    • Examples

      • Runnable examples
      • Example: hello-scaffold — the minimal viable plugin
      • Example: gitlab-ci-scaffold — generate a complete CI project
      • Example: steward-validator — a custom governance rule
      • Example: prod-key-guard — apply-time invariant check
    • Journeys

      • Journeys
      • Your own CI/CD

        • You have your own CI/CD setup, no problem
        • GitLab CI — the bundle template
        • GitHub Actions — the bundle template
        • Jenkins — the bundle template
        • CircleCI — the bundle template
      • You have a strict project layout, no problem
      • You have governance rules, no problem
      • You want a check at apply time, no problem
    • Reference

      • Reference
      • Roles reference
      • Entry points reference
      • Trust model
      • Packaging
      • Companion packages
  • Providers

    • Providers
    • Provider Architecture
    • GCP Provider
    • AWS Provider
    • Snowflake Provider
    • Local Provider
    • Creating Custom Providers
    • Provider Roadmap
  • AI & Agents

    • MCP Server
    • Built-in And Custom Forge Guidance
    • Forge Discovery Guide
    • Forge Memory Guide
    • Authoring Forge Tools
    • Guided fluid forge UX
    • LLM Providers
    • LiteLLM Backend
    • Capability Warnings
    • Cost Tracking
    • FLUID Forge Contract GPT Packet
    • Agentic Primitives
  • Operate & Deploy

    • Airflow Integration
    • Blueprints
    • Source-Aligned Acquisition
  • Govern & Secure

    • Governance, Compliance & the Business Case
    • Governance & Compliance
    • Network Safety
    • Credential Resolver — Security Model
  • Configuration & Reference

    • Environment Variables
    • Typed Errors
    • Typed CLI Errors
    • API Stability — fluid_build.api
  • Architecture & Releases

    • V1.5 Catalog Integration — Architecture Deep-Dive
    • V1.5 + V2 Hardening — Release Notes
  • Project

    • Contributing to Fluid Forge
    • Fluid Forge Docs Baseline: CLI 0.9.0
    • Fluid Forge Docs Baseline: CLI 0.8.11
    • Fluid Forge Docs Baseline: CLI 0.8.10
    • Fluid Forge Docs Baseline: CLI 0.8.9
    • Fluid Forge Docs Baseline: CLI 0.8.8
    • Fluid Forge Docs Baseline: CLI 0.8.7
    • Fluid Forge Docs Baseline: CLI 0.8.6
    • Fluid Forge Docs Baseline: CLI 0.8.5
    • Fluid Forge Docs Baseline: CLI 0.8.4
    • Fluid Forge Docs Baseline: CLI 0.8.3
    • Fluid Forge Docs Baseline: CLI 0.8.0
    • Fluid Forge Docs Baseline: CLI 0.7.11
    • Fluid Forge Docs Baseline: CLI 0.7.9
    • Fluid Forge v0.7.1 - Multi-Provider Export Release

Snowflake Horizon Catalog

Source-side catalog adapter for Snowflake Horizon. Reads INFORMATION_SCHEMA, OBJECT_TAGS (governance), OBJECT_DEPENDENCIES (lineage), SYSTEM$CLASSIFY (auto-PII classification), and the business descriptions / certified-vs-sandbox markers Horizon sets on every object.

Recommended for: any Snowflake-first team. Horizon's metadata is among the richest available in any commercial warehouse — forge-cli reads all of it and turns it into Logical model + Fluid contract + dbt transformation.

Install

pip install "data-product-forge[snowflake]"

Adds the snowflake-connector-python runtime dep. Default install ships without it; the adapter raises CatalogConfigError with the exact pip install command if you call it without the extra.

Privileges to grant

The adapter is read-only on metadata — never reads data values. Required privileges depend on what you want forge-cli to see.

Minimum (list + introspect tables)

-- Run as a role that can grant on the database / schema.
GRANT USAGE ON DATABASE BIZ_LAB TO ROLE ANALYST;
GRANT USAGE ON SCHEMA BIZ_LAB.SEEDED TO ROLE ANALYST;
GRANT REFERENCES ON ALL TABLES IN SCHEMA BIZ_LAB.SEEDED TO ROLE ANALYST;
GRANT REFERENCES ON FUTURE TABLES IN SCHEMA BIZ_LAB.SEEDED TO ROLE ANALYST;

Full (also reads tags + lineage + sensitivity)

-- Tag reads — Horizon governance signal.
GRANT APPLY TAG ON ACCOUNT TO ROLE ANALYST;
-- (or, for a tighter scope: SHARE the relevant tag references)

-- Lineage reads from ACCOUNT_USAGE (24h-lagged).
GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE ANALYST;

-- SYSTEM$CLASSIFY usage.
GRANT EXECUTE TASK ON ACCOUNT TO ROLE ANALYST;  -- if running classification on demand

If you skip the "full" block, the adapter soft-fails on those reads (empty tags / empty lineage / no sensitivity) — you still get a working forge from INFORMATION_SCHEMA alone.

Authentication methods

MethodWhen to useSetup
key_pair ★Default for production. Most secure — no password.Generate an RSA key pair with openssl genrsa -out key.p8 2048; upload public to Snowflake user; point adapter at key.p8.
passwordQuickstart / local devSet SNOWFLAKE_PASSWORD env var or store in OS keyring.
externalbrowserSSO / Okta / Azure ADAdapter pops a browser window for SAML; Snowflake handles the rest.
oauthFederated identitiesOAuth bearer token (short-lived, refreshed externally).

★ key_pair is the recommended path. The setup wizard pre-fills it.

Setup

fluid ai setup --source snowflake --name snowflake-prod
# ? Catalog: snowflake
# ? Account: myorg-abc12345        (the part before .snowflakecomputing.com)
# ? Username: analyst@example.com
# ? Auth method:
#   ★ key_pair (recommended)
#     password
#     externalbrowser
#     oauth
# ? Private key path: /Users/me/.ssh/snowflake_key.p8
# ? Private key passphrase: ******     (optional; stored in keyring if set)
# ? Default warehouse: COMPUTE_WH
# ? Default role: ANALYST
# ? Default database: BIZ_LAB
# ? Default schema:   SEEDED
# ✓ Saved to ~/.fluid/sources.yaml (secrets in OS keyring)

Or set env vars directly:

export SNOWFLAKE_ACCOUNT=myorg-abc12345
export SNOWFLAKE_USER=analyst@example.com
export SNOWFLAKE_PRIVATE_KEY_PATH=/Users/me/.ssh/snowflake_key.p8
export SNOWFLAKE_WAREHOUSE=COMPUTE_WH
export SNOWFLAKE_ROLE=ANALYST

End-to-end demo

# 1. Configure once.
fluid ai setup --source snowflake --name snowflake-prod

# 2. Forge a Data Vault 2.0 model from a schema.
fluid forge data-model from-source \
  --source snowflake \
  --credential-id snowflake-prod \
  --database BIZ_LAB --schema SEEDED \
  --technique data-vault-2 \
  -o biz_lab.fluid.yaml

# Output:
#   biz_lab.fluid.yaml             — Fluid 0.7.2 contract
#   biz_lab.fluid.yaml.model.json  — Logical IR sidecar (DV2 hubs/links/sats)
#   biz_lab.semantics.osi.yaml     — OSI v0.1.1 standalone

# 3. Generate dbt transformations from the same contract.
fluid generate transformation biz_lab.fluid.yaml -o ./dbt_biz_lab --dbt-validate

You'll see a cost summary at the end of step 2 with token usage per stage. If catalog reads are slow, the adapter logs each query at --verbose.

What lands where

Snowflake sourceForge output
Table COMMENTOSIDataset.fields[].expression.description
Column COMMENTOSIDataset.fields[].expression.description
Primary keyOSIDataset.primary_key[]
Foreign keyOSIRelationship[] (deterministic, not LLM-inferred)
OBJECT_TAGS.domainmetadata.domain (Fluid contract) + industry hint
OBJECT_TAGS.owner_teammetadata.owner.team (system roles like ACCOUNTADMIN excluded)
OBJECT_TAGS.sensitivityagentPolicy.sensitiveData[] + dbt meta:
OBJECT_DEPENDENCIESmetadata.lineage.upstream[] + DV2 link inference (V1.5 Sprint E)
SYSTEM$CLASSIFY resultsOSI custom_extensions[] for downstream policy enforcement

System roles never become owners

Snowflake's ACCOUNTADMIN / SYSADMIN / SECURITYADMIN / USERADMIN / ORGADMIN / PUBLIC roles are NOT promoted to metadata.owner.team. They land in labels.catalogCreatingRoles (audit signal only) so the contract's owner field reflects the business team, not the role that ran the DDL.

Common errors

CatalogConfigError: snowflake-connector-python missing

Run pip install "data-product-forge[snowflake]".

CatalogPermissionError: USAGE on schema BIZ_LAB.SEEDED required

The adapter's suggestion list contains the exact GRANT command:

GRANT USAGE ON SCHEMA BIZ_LAB.SEEDED TO ROLE ANALYST;

CatalogConnectionError: 250001 (08001): Failed to connect

Check SNOWFLAKE_ACCOUNT matches the part before .snowflakecomputing.com in the Snowsight URL — not the full host, and not just the org name.

Lineage / tags come back empty

Likely missing IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE for the ACCOUNT_USAGE share. The adapter soft-fails on these reads (forge still works) — granting the privilege upgrades subsequent runs.

See also

  • Catalog index
  • fluid forge data-model from-source
  • Snowflake provider page — for the publish-target side (write contracts back to Snowflake).
Edit this page on GitHub
Last Updated: 4/26/26, 10:42 PM
Contributors: fas89, Claude Opus 4.7
Prev
BigQuery Catalog
Next
Databricks Unity Catalog