Skip to main content

Privacera Documentation

Migration to PolicySync v2 on Privacera Platform 7.2

The PolicySync configuration has been significantly enhanced. The new configuration is sometimes called "PolicySync version 2" or "v2".

You can now configure multiple connector instances for a single application, such as Databricks SQL or PostgreSQL. Each connector instance can distribute policies to a separate instance of the third-party system. In addition, each connector can be configured to distribute policies from its own separate policy repository.

Steps to migrate old PolicySync properties to the new framework

The general process for migrating from older versions of PolicySync to the new framework is to create new subdirectories in Privacera Manager specifically for connectors with new YAML files and copy the values of your old properties to the new property names in the new YAML files.

  1. Become familiar with the new PolicySync directory structure described at PolicySync design and configuration on Privacera Platform.PolicySync design and configuration on Privacera Platform

  2. Make a backup copy of all your current, unmigrated properties files:

    cd ~/privacera/privacera-manager
    mkdir policysync-vars-backup
    mv config/custom-vars/vars.policysync.*.yml policysync-vars-backup/ 
  3. For each of your connectors, create the new required basic directory structure following the steps detailed at PolicySync design and configuration on Privacera Platform.PolicySync design and configuration on Privacera Platform

    In this example, we create a production connector instance directory for PostgreSQL and change directory to it:

    cd ~/privacera/privacera-manager/config/custom-vars/connectors
    mkdir postgres/postgres-prod-instance
    cd postgres/postgres-prod-instance
  4. Copy the skeleton properties YAML file from ~/privacera/privacera-manager/config/sample-vars to the new instance directory properties YAML file.

    Note

    The name of the new file must be as shown below: vars.connector.<ConnectorName>.yml, in this example vars.connector.postgres.yml.

    cp ~/privacera/privacera-manager/config/sample-vars/vars.connector.postgres.yml

    The complete path to the new properties file is now:

    ~/privacera/privacera-manager/config/custom-vars/connectors/postgres/postgres-prod-instance/vars.connector.postgres.yml   
    
  5. Edit the new properties file (in this example, vars.connector.postgres.yml) to bring forward the values for the new property names.

    You can compare the property values in your backup files to the new property names and cut-and-paste the old values into the new property setting.

    The new property names have the string CONNECTOR_ prepended to the old property name. For example:

    • Old property name: POSTGRES_JDBC_URL

    • New property name: CONNECTOR_POSTGRES_JDBC_URL

    Repeat bringing forward the desired values for all connectors you want to configure.

  6. Enable PolicySync for this connector instance by setting the following property:

    CONNECTOR_POSTGRES_ENABLE: true
  7. Save the YAML file.

  8. Stop the previous PolicySync deployment.

    • On Kubernetes:

      # Check existing running policysync deployment
      kubectl get deployment -n <namespace>
      # Scale down existing deployment
      kubectl scale --replicas=0 deployment/policysyncv2 -n <namespace>
      
    • On Docker:

      cd ~/privacera/docker
      ./privacera_services stop policysyncv2
  9. Restart Privacera Manager to put the new configuration into effect:

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
  10. If you're running on Kubernetes, after successfully updating Privacera Manager, delete the existing deployment:

    kubectl delete deploy policysyncv2 -n <namespace>