
Migrating Connector Configuration Management from Privacera Manager YAML to Privacera Portal

Starting with the 9.0.22.1 release, Privacera introduced a new method for managing connector configurations through the Privacera Portal. This enhancement allows users to create and manage connector instances directly from the portal, eliminating the need for YAML configurations in Privacera Manager. For more information, refer to the Managing Connector Configurations from Privacera Portal section.

This is supported only from Privacera Release Version 9.0.22.1 for the connectors listed below.

Connector Name | Supported from Privacera Release Version
🟢 BigQuery | 9.0.22.1

Limitations and Considerations

  1. This migration process is only applicable for Self-Managed Deployments and does not apply to Privacera Cloud or Dataplane deployments.
  2. Ensure that the configuration in the Privacera Portal matches the YAML file exactly. Any discrepancies could result in the unintended revocation of permissions for resources that should not be managed by Privacera.
  3. For any issues or concerns during the migration process, please contact Privacera support.

Prerequisites

  1. You must be using Privacera Manager YAML configurations to manage your connector configurations.

Setup

Replace the following placeholders in the commands below:

  • Replace <CONNECTOR_TYPE> with the type of connector you are using (e.g. bigquery).
  • Replace <CONNECTOR_ENV> with the environment name of your connector (e.g. prod, dev, etc.).

  1. SSH into the instance where Privacera Manager is installed.

  2. Upgrade Privacera Version:

    • Follow the instructions in the Upgrade Privacera guide to upgrade your Privacera version.
  3. Backup Existing Applications:

    • Before starting the migration process, ensure you create a backup of the existing applications.
      Bash
      mkdir -p ~/privacera/backup/connector-config
      cp -r ~/privacera/privacera-manager/config/custom-vars/connectors/<CONNECTOR_TYPE> ~/privacera/backup/connector-config
      
    • Example:
      Bash
      mkdir -p ~/privacera/backup/connector-config
      cp -r ~/privacera/privacera-manager/config/custom-vars/connectors/bigquery ~/privacera/backup/connector-config
      
  4. Find CONNECTOR_ENV name:

    • If your BigQuery connector instance is located at ~/privacera/privacera-manager/config/custom-vars/connectors/bigquery/prod/vars.connector.bigquery.yml, then prod is your CONNECTOR_ENV name.
  5. After Backup, Delete the Connector Instance Folder:

    • Delete the connector instance folder from the custom-vars directory.
      Bash
      rm -rf ~/privacera/privacera-manager/config/custom-vars/connectors/<CONNECTOR_TYPE>/<CONNECTOR_ENV>/
      
    • Example:
      Bash
      rm -rf ~/privacera/privacera-manager/config/custom-vars/connectors/bigquery/prod/
      
  6. Set up the Ops Server if it hasn't been configured yet. To enable the shared secret and set a password, add the following properties to the vars.ops-server.yaml file:

    Note

    Replace <SharedSecretPassword> with the desired password for the shared secret.

    YAML
    OPS_SERVER_SHARED_SECRET_ENABLED: "true"
    OPS_SERVER_SHARED_SECRET: "<SharedSecretPassword>"
    
  7. Create an Application on the Self-Managed portal with the same name as the <CONNECTOR_ENV>.

  8. Create a Connector Instance:

    • In the Self Managed Portal, navigate to Settings > Applications.
    • Select the type of connector you want to create e.g. BigQuery.
    • Click the ADD APPLICATION button in the top-right corner.
    • Enter a Name and Description for the application. The name can be any identifier of your choice (e.g. BigQuery Connector). Click Save.
    • Enable the Access Management option using the toggle button.
    • Enter the required configuration values in the BASIC and ADVANCED tabs, then click SAVE.
    • The application will be saved in the Ops Server database.
  9. Download Configuration:

    • Click the icon in the Action column to download the configuration as a YML file.
    • A zip file containing the YML file for the connector instance will be downloaded.
  10. Deploy Connector on PM host:

    Make sure you have taken a backup of the existing application configurations before proceeding.

    • Copy the downloaded zip file to the following location on the Privacera Manager instance:
      Bash
      cd ~/privacera/privacera-manager/config/custom-vars/
      
    • Unzip the downloaded zip file:
      Bash
      unzip <zip_file_name>.zip
      
    • Add additional configurations needed for specific connectors in the vars.connector.<connector_type>.yml file.
  11. Upgrade the Privacera Manager Instance:

    • Execute the following commands to upgrade the Privacera Manager instance:

    Make sure you have done the following before upgrading

    • Ensure you have created an application on the Self-Managed portal with the same name as the connector environment name.
    • Verify that the configuration in the Portal matches the one in the YAML file.
    • Double-check the managed and excluded resources between the YAML file and the Portal. Any mismatch could result in revoking permissions for resources that should not be managed by Privacera.

    Step 1 - Setup, which generates the helm charts. This step usually takes a few minutes.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    cd ~/privacera/privacera-manager
    ./pm_with_helm.sh upgrade
    
    Step 3 - Post-installation step, which generates the Plugin tarball, updates Route 53 DNS and so on.

    Bash
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh post-install
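
The pre-upgrade check in step 11 (Portal configuration versus the YAML backup, especially managed and excluded resources) can be scripted and run before Step 1. The following is an added example, not part of Privacera's documentation or tooling; it assumes the files are flat `KEY: value` lines, and the function names, `RESOURCE_KEY_PATTERN` and the `EXAMPLE_*` keys are hypothetical.

```shell
# Added example, not Privacera tooling. Assumes flat top-level `KEY: value`
# lines as in the vars.*.yml snippets on this page; nested YAML is not handled.

# Print sorted KEY=value pairs, ignoring comments, blank lines and quoting.
normalize_vars() {
  awk -v q="'" '
    /^[ \t]*(#|$)/ { next }
    {
      i = index($0, ":"); if (i == 0) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      gsub("^[\"" q "]|[\"" q "]$", "", v)
      print k "=" v
    }' "$1" | LC_ALL=C sort
}

# Drift report: "-" only in the backup ($1), "+" only in the Portal file ($2).
compare_connector_vars() {
  cmp_old=$(mktemp) && cmp_new=$(mktemp) || return 2
  normalize_vars "$1" > "$cmp_old"
  normalize_vars "$2" > "$cmp_new"
  cmp_report=$(LC_ALL=C comm -3 "$cmp_old" "$cmp_new" |
    awk '{ if (sub(/^\t/, "")) print "+ " $0; else print "- " $0 }')
  rm -f "$cmp_old" "$cmp_new"
  [ -z "$cmp_report" ] && return 0
  printf '%s\n' "$cmp_report"
  return 1   # any drift blocks the upgrade
}

# Print only drift on resource-scoping keys; status 0 means such drift exists.
# The default pattern is a placeholder assumption, not real connector keys.
resource_drift() {
  compare_connector_vars "$1" "$2" |
    grep -E "^[-+] [^=]*(${RESOURCE_KEY_PATTERN:-MANAGED|EXCLUDED})[^=]*="
}

# Constructed sample files; the EXAMPLE_* key names are placeholders.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/backup.yml" <<'EOF'
EXAMPLE_MANAGED_RESOURCE_LIST: "proj-a,proj-b"
EXAMPLE_EXCLUDED_RESOURCE_LIST: "proj-a.scratch"
EXAMPLE_SYNC_INTERVAL: "60"
EOF
cat > "$demo_dir/portal.yml" <<'EOF'
EXAMPLE_SYNC_INTERVAL: 60
EXAMPLE_MANAGED_RESOURCE_LIST: "proj-a,proj-b,proj-c"
EOF
resource_drift "$demo_dir/backup.yml" "$demo_dir/portal.yml" || echo "no resource drift"
```

In the sample, the Portal file widens the managed list and drops the exclusion, which is the kind of mismatch the warning above describes; the quoting difference on the interval is ignored.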
    
