Summary
Encountering error during schema discovery with Snowflake source connector in Airbyte setup when using APIs. Error message indicates IP/Token not allowed to access Snowflake.
Question
Hey Everyone,
I’m encountering an unusual issue with the Snowflake source connector in our Airbyte setup, and I could use some assistance.
Details:
• We’re running Airbyte on Kubernetes.
• The problem specifically relates to the Snowflake source connector.
• This problem is for a specific Snowflake instance, all other snowflake instances works as expected
Issue:
• When using Airbyte’s UI to connect to Snowflake, everything works fine. I’m able to test the connection and successfully discover the schema.
• However, when attempting the same operations using Airbyte’s APIs, I encounter an error during schema discovery:
net.snowflake.client.jdbc.SnowflakeSQLException: Incoming request with IP/Token <Some IP> is not allowed to access Snowflake. Contact your account administrator. For more information about this error, go to <https://community.snowflake.com/s/ip-xxxxxxxxxxxx-is-not-allowed-to-access>.
Troubleshooting:
• I’ve verified that the JDBC URL remains consistent across all scenarios.
Any insights or assistance would be greatly appreciated!
This topic has been created from a Slack thread to give it more visibility.
It will be on Read-Only mode here. Click here if you want to access the original thread.
Join the conversation on Slack
["snowflake-source-connector", "airbyte-setup", "kubernetes", "api", "schema-discovery", "snowflake-instance", "error"]
From the error, it looks like maybe your network policy is disallowing the IP ranges of your Airbyte cluster.
https://docs.snowflake.com/en/sql-reference/sql/create-network-policy
The Snowflake UI obviously is allowed to access the cluster, because it is hosted in Snowflake’s DCs
The KB article linked from the error message is valid: https://community.snowflake.com/s/ip-xxxxxxxxxxxx-is-not-allowed-to-access
> Issue
> User attempted to log in to Snowflake from an IP address which is not allowed to access Snowflake.
> Cause
> The customer account has an active <https://docs.snowflake.net/manuals/user-guide/network-policies.html|Network Policy> or <Controlling network traffic with network policies | Snowflake Documentation Policy with Network Rule> applied at the user or account level and the user’s IP address is either in the Blocked List or not in the Allowed List of the network policy configuration
> Solution
> • User must contact their account administrator to update the network policy and allow the IP address mentioned in the error message
> • If an account administrator user is blocked or has left the company, please submit a case with <https://community.snowflake.com/s/how-to-contact-snowflake-support|Snowflake Support> for assistance.
>
Hey thanks for you reply. Upon investigating further, we found that in our airbyte cluster we have a another public IP assigned to the autoscaler group which includes worker pods. Not what i am wondering is that, how was the operation to discover schema successful when making the same call through Airbyte UI vs us using the APIs
You are running on K8S, so the worker pods spawn specific source + dest job pods; these may not be co-located with the workers; unless you are using some node selector to constrain where they run. they might be running on the same nodes as the ui or whichever node ips that were previously whitelisted.
Sorry i missed your message. But this points me in the right direction. Thanks for the help.