feat: auto-apply Snowflake ownership object tags on publish#26
Open
Vinay Shende (vinay79n) wants to merge 7 commits into
Open
feat: auto-apply Snowflake ownership object tags on publish#26Vinay Shende (vinay79n) wants to merge 7 commits into
Vinay Shende (vinay79n) wants to merge 7 commits into
Conversation
… tables which get published.
There was a problem hiding this comment.
Pull request overview
Adds first-class Snowflake table-ownership tagging to the Metaflow publish “chokepoints” and introduces an admin helper view that surfaces those tags via a central registry view.
Changes:
- Introduces
_snowflake/object_tags.pyto derive/validate ownership tags, generateALTER TABLE … SET TAGSQL, and apply tags (warn-only on tagging failures). - Wires optional
tagsoverrides intopublish()andpublish_pandas()and applies tags for production tables. - Adds
create_ownership_registry_view()+ docs to create/query theTABLE_OWNERSHIP_REGISTRYview; bumps version to0.5.0.
Reviewed changes
Copilot reviewed 11 out of 12 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| uv.lock | Bumps locked project version to 0.5.0. |
| pyproject.toml | Bumps package version to 0.5.0 and updates authors. |
| src/ds_platform_utils/_snowflake/object_tags.py | New tag derivation/SQL builder/apply helpers for Snowflake object tags. |
| src/ds_platform_utils/metaflow/write_audit_publish.py | Adds tags parameter and applies tags post-SWAP in production. |
| src/ds_platform_utils/metaflow/pandas.py | Adds tags parameter and applies tags in production for both direct and S3-stage paths. |
| src/ds_platform_utils/metaflow/registry.py | New helper to create the ownership registry view in Snowflake. |
| src/ds_platform_utils/metaflow/init.py | Exports create_ownership_registry_view. |
| tests/unit_tests/snowflake/test__object_tags.py | New unit tests for tag derivation, SQL construction, and apply behavior. |
| README.md | Links to the new create_ownership_registry_view docs page. |
| docs/metaflow/publish.md | Documents the new tags param and ownership-tag behavior. |
| docs/metaflow/publish_pandas.md | Documents the new tags param and ownership-tag behavior. |
| docs/metaflow/create_ownership_registry_view.md | New docs for creating/querying the registry view. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…proved error handling , github copilot suggested code chnages
… tags Owner now derives from domain (ds-<domain>-team); tags co-locate with the table's schema; adds a functional test for the tagging path.
Team decided dev (DATA_SCIENCE_STAGE) tables shouldn't be tagged. Re-gate publish()/publish_pandas() on current.is_production; keep the owner-from- domain derivation, validation, and expanded allowed values.
Chinmay (chinmay-dolli-pattern)
previously approved these changes
Jun 23, 2026
… tag and enhance related documentation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implements the table-ownership RFC (RFC: Snowflake table ownership via object tags) by tagging tables through the existing publish chokepoint instead of hundreds of hand-written ALTER statements.
_snowflake/object_tags.py:build_table_tags— derives TEAM/DOMAIN/PROJECT from Metaflow context, defaults STATUS=active, validates STATUS/SLA against allowed-value lists. OWNER is resolved by priority: explicittags={"owner": ...}→ owning-team aliasds-<domain>-teamwhen the domain is known →unknown(we don't usecurrent.username, which on argo/deployed runs is a service identity, not a person).build_set_tag_sql/apply_table_tags— build and run theALTER ... SET TAG, with identifier validation to block SQL injection and warn-don't-fail behavior (a missing tag def or missingAPPLYnever breaks a successful publish).publish()andpublish_pandas()via a new optionaltagsoverride. Tags are applied only to production tables (DATA_SCIENCE); non-prod (DATA_SCIENCE_STAGE) runs are left untouched.metaflow/registry.py:create_ownership_registry_view()+ TABLE_OWNERSHIP_REGISTRY view (plain view, adoption-based, no refresh needed; ~2hACCOUNT_USAGElag — useINFORMATION_SCHEMA.TAG_REFERENCES/SYSTEM$GET_TAGfor real-time checks).object_tags.py(derivation, owner priority, validation, warn-don't-fail).publish/publish_pandasownership-tags sections + registry view page.Admin prerequisites (per the RFC §3): in
PATTERN_DB.DATA_SCIENCE, create the 7TABLE_*tag definitions (withALLOWED_VALUESonTABLE_STATUS/TABLE_SLA) and grant the publishing roleAPPLYon each. Until then, tagging is skipped with a warning (publish still succeeds).ClickUp card - DS-2491