# NETWORK POLICY

Config path: `/network_policy.yaml`

Example:

```yaml
test_network_policy_1:
  allowed_ip_list:
    - 0.0.0.0/0
  blocked_ip_list:
    - 1.1.1.1
    - 8.8.8.8

test_network_policy_2:
  allowed_network_rule_list:
    - my_db.my_schema.my_rule_1
    - my_db.my_schema.my_rule_2
  blocked_network_rule_list:
    - my_db.my_schema.my_rule_3
    - my_db.my_schema.my_rule_4
```

## Schema

* *{key}* (ident) - name of network policy
* *{value}* (dict)
  * **allowed\_network\_rule\_list** (list)
    * *{items}* (ident) - network rules allowing access to Snowflake account
  * **blocked\_network\_rule\_list** (list)
    * *{items}* (ident) - network rules blocking access to Snowflake account
  * **allowed\_ip\_list** (list)
    * *{items}* (str) - IPv4 addresses that are allowed access to Snowflake account
  * **blocked\_ip\_list** (list)
    * *{items}* (str) - IPv4 addresses that are denied access to Snowflake account
  * **comment** (str)

## Usage notes

1. It is recommended to review and apply changes to `NETWORK POLICIES` manually due to high security risk.
2. Since `NETWORK POLICIES` are account-level objects and `NETWORK RULES` are schema-level objects, names of network rules should be fully qualified as `<database>.<schema>.<name>`.
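
A pre-review check for this config, added here as an example and not part of SnowDDL: it takes the dict that a YAML loader such as `yaml.safe_load` would return for `/network_policy.yaml` and reports entries that do not match the schema or the usage notes above. The names `lint_network_policies` and `SAMPLE` are hypothetical, and the sample config is constructed.

```python
import ipaddress

# Parameter names taken from the schema on this page.
IP_KEYS = ("allowed_ip_list", "blocked_ip_list")
RULE_KEYS = ("allowed_network_rule_list", "blocked_network_rule_list")
KNOWN_KEYS = set(IP_KEYS) | set(RULE_KEYS) | {"comment"}


def lint_network_policies(config):
    """Return (policy, key, message) findings for a parsed network_policy.yaml."""
    findings = []
    for policy, params in config.items():
        for key in sorted(set(params) - KNOWN_KEYS):
            findings.append((policy, key, "unknown parameter"))
        for key in IP_KEYS:
            for item in params.get(key, []):
                try:
                    net = ipaddress.IPv4Network(str(item), strict=False)
                except ValueError:
                    findings.append((policy, key, f"not an IPv4 address or CIDR range: {item}"))
                    continue
                # An allow-all range is valid syntax but deserves a reviewer's attention.
                if key == "allowed_ip_list" and net.prefixlen == 0:
                    findings.append((policy, key, f"{item} allows every IPv4 address"))
        for key in RULE_KEYS:
            for item in params.get(key, []):
                # Assumption: identifiers are unquoted, so a dot always separates parts.
                parts = str(item).split(".")
                if len(parts) != 3 or not all(parts):
                    findings.append((policy, key, f"not <database>.<schema>.<name>: {item}"))
    return findings


# Constructed sample: the dict a YAML loader would produce for a small config.
SAMPLE = {
    "test_network_policy_1": {
        "allowed_ip_list": ["0.0.0.0/0"],
        "blocked_ip_list": ["1.1.1.1", "8.8.8.300"],
    },
    "test_network_policy_2": {
        "allowed_network_rule_list": ["my_db.my_schema.my_rule_1", "my_rule_2"],
        "blocked_network_rule_list": ["my_db.my_schema.my_rule_3"],
    },
}

if __name__ == "__main__":
    for policy, key, message in lint_network_policies(SAMPLE):
        print(f"{policy}.{key}: {message}")
```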

## Links

* [CREATE NETWORK POLICY](https://docs.snowflake.com/en/sql-reference/sql/create-network-policy.html)
* [ALTER NETWORK POLICY](https://docs.snowflake.com/en/sql-reference/sql/alter-network-policy.html)
* [DESC NETWORK POLICY](https://docs.snowflake.com/en/sql-reference/sql/desc-network-policy.html)
* [Parser & JSON Schema (GitHub)](https://github.com/littleK0i/SnowDDL/blob/master/snowddl/parser/network_policy.py)
