-
Notifications
You must be signed in to change notification settings - Fork 250
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #5663 from EnterpriseDB/release/2024-05-21a
Release/2024-05-21a
- Loading branch information
Showing
58 changed files
with
586 additions
and
150 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
189 changes: 189 additions & 0 deletions
189
...ocs/biganimal/release/administering_cluster/aws_secrets_manager_integration.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,189 @@ | ||
--- | ||
title: "AWS Secrets Manager integration" | ||
--- | ||
|
||
With BigAnimal, you can use AWS Secrets Manager. AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, access keys, and other secrets throughout their lifecycle. | ||
|
||
To create a secret manager: | ||
|
||
1. Create a PostgreSQL cluster on the BigAnimal portal. | ||
|
||
1. Create and save an [access key](../reference/access_key/#create-your-personal-access-key). | ||
|
||
1. Create a secret in AWS Secrets Manager for your psql credentials. | ||
|
||
Create the secret manager using a Lambda script or using the AWS console: | ||
|
||
- Lambda script: | ||
|
||
```shell | ||
import boto3 | ||
import json | ||
|
||
def create_secret(secret_name, username, password, database, host): | ||
client = boto3.client('secretsmanager') | ||
|
||
secret_string = json.dumps({ | ||
"username": username, | ||
"password": password, | ||
"engine": "postgresql", | ||
"host": host, | ||
"dbname": database, | ||
"port": 5432 | ||
}) | ||
|
||
response = client.create_secret( | ||
Name=secret_name, | ||
SecretString=secret_string | ||
) | ||
|
||
return response | ||
``` | ||
|
||
Using the created secret: | ||
|
||
```shell | ||
create_secret('mySecretName', 'myUsername', 'myPassword', 'myDatabase', 'myHost') | ||
``` | ||
|
||
- AWS console: | ||
|
||
1. Search for Secret Manager under Services. | ||
1. Select **Store a new secret**. | ||
1. On the **Choose secret type** page, select **Credentials for other databases** and provide: | ||
- Username | ||
- Password | ||
- Encryption key | ||
- Database | ||
Provide the server address, database name and port as per the selected database engine. Select **Next**. | ||
1. On the **Configure secret** page, provide **Secret name**. Optionally, you can provide: | ||
- Description | ||
- Tags | ||
- Resource permissions | ||
- Replicate secret | ||
Select **Next**. | ||
1. Optionally, on the **Configure rotation** page, provide details. | ||
1. Review the code in different languages like: Java, JavaScript, C#, Python3, Ruby, Go, and Rust. To create the secret manager, select **Store**. | ||
|
||
1. Create the secret in the centralized Secrets Manager for your access key. | ||
|
||
1. Create a sample login application. | ||
|
||
For example, using a Lambda script: | ||
|
||
```shell | ||
[cloudshell-user@ip-10-130-83-78 ~]$ cat lambda_connect.py | ||
import json | ||
import boto3 | ||
import base64 | ||
import psycopg2 | ||
region = 'us-east-1' | ||
|
||
client = boto3.client('secretsmanager', region_name=region) | ||
response = client.get_secret_value( | ||
SecretId='dev/toy/demo' | ||
) | ||
|
||
secretDict = json.loads(response['SecretString']) | ||
|
||
connection = psycopg2.connect( | ||
user=secretDict['username'], | ||
password=secretDict['password'], | ||
host=secretDict['host'], | ||
port=secretDict['port'], | ||
sslmode='require', | ||
database=secretDict['dbname']) | ||
|
||
mycursor = connection.cursor() | ||
|
||
create = "create table Demo0503(Toyota int)" | ||
#sql = "INSERT into secretmgr(id,name) values (%s, %s)" | ||
#value = (2, "Toyota_Demo") | ||
mycursor.execute(create) | ||
|
||
connection.commit() | ||
``` | ||
|
||
Fetch all the rows from the database: | ||
|
||
```shell | ||
print(mycursor.rowcount, "record") | ||
``` | ||
|
||
## Example | ||
|
||
In this example, a script file has all the commands required to create a Secrets Manager rotation Lambda function, execute the rotation script, and execute the sample application. | ||
|
||
```shell | ||
cat gen_pass_rotate_bigani_and_secretmgr_pass.py | ||
import os | ||
import secrets | ||
import string | ||
import requests | ||
import json | ||
import boto3 | ||
|
||
# Get the key from an environment variable | ||
key = os.getenv("MY_SECRET_KEY") | ||
if not key: | ||
raise ValueError("Missing secret key") | ||
|
||
def generate_password(length): | ||
alphabet = string.ascii_letters + string.digits + string.punctuation | ||
password = ''.join(secrets.choice(alphabet) for i in range(length)) | ||
return password | ||
|
||
# Generate a 12-character password | ||
password = generate_password(12) | ||
|
||
try: | ||
lambda_func = lambda: requests.patch( | ||
"https://portal.biganimal.com/api/v3/projects/prj_30GlIxgAyvWhtmn3/clusters/p-hxx6mp2mtw", | ||
data=json.dumps({"password": password}), | ||
headers={ | ||
"Content-Type": "Application/JSON", | ||
"x-access-key": key | ||
} | ||
) | ||
|
||
# Display the password | ||
response = lambda_func() | ||
response.raise_for_status() # Raises a HTTPError if the status is 4xx, 5xx | ||
except requests.exceptions.RequestException as e: | ||
print(f"Request failed: {e}") | ||
raise | ||
|
||
print(response.status_code) | ||
print(response.text) | ||
|
||
def update_password_in_secret(secret_name): | ||
new_password = password | ||
client = boto3.client('secretsmanager') | ||
|
||
try: | ||
# Get the current secret | ||
response = client.get_secret_value(SecretId=secret_name) | ||
secret_data = json.loads(response['SecretString']) | ||
|
||
# Update the password field | ||
secret_data['password'] = new_password | ||
|
||
# Store the updated secret | ||
update_response = client.update_secret( | ||
SecretId=secret_name, | ||
SecretString=json.dumps(secret_data) ) | ||
|
||
except client.exceptions.ClientError as e: | ||
print(f"Failed to update secret: {e}") | ||
raise | ||
|
||
return new_password, update_response | ||
|
||
# Usage - Run the the password update on AWS Secret Manager | ||
try: | ||
new_password, response = update_password_in_secret('/dev/toyota/demo') | ||
except Exception as e: | ||
print(f"Failed to update password in secret: {e}") | ||
raise | ||
``` | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
12 changes: 12 additions & 0 deletions
12
product_docs/docs/biganimal/release/release_notes/2024_04_apr_rel_notes.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
--- | ||
title: BigAnimal April 2024 release notes | ||
navTitle: April 2024 | ||
--- | ||
|
||
In April 2024 BigAnimal saw the following enhancements and bugfixes: | ||
|
||
| Type | Description | | ||
|------|-------------| | ||
| Enhancement | A known issue "A PGD replication slot may fail to transition cleanly from disconnect to catch up" with EDB Postgres Distributed has been resolved. With this resolution, for example, if you were to delete a VM as part of a fault injection exercise, the replication slot will reconnect in a timely manner. | | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
3ab29f2
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
π Published on https://edb-docs-staging.netlify.app as production
π Deployed on https://664cd3081b845d153067120f--edb-docs-staging.netlify.app
3ab29f2
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
π Published on https://edb-docs.netlify.app as production
π Deployed on https://664cd3c6ddfe671529dd34a9--edb-docs.netlify.app