From 37017ab9c26413372ae0f41a17cbc145c85fbcba Mon Sep 17 00:00:00 2001 From: Benson Lee Date: Fri, 15 Nov 2024 09:10:53 -0800 Subject: [PATCH 1/8] upd --- docs/app/admin/AdminControls.mdx | 123 ++--------------------- docs/app/admin/ExternalPlatform.mdx | 119 ++++++++++++++++++++++ docs/app/configuration/S3EventConfig.mdx | 2 +- docs/releases/202409.mdx | 2 +- docs/releases/202411.mdx | 2 +- sidebars.js | 5 + 6 files changed, 135 insertions(+), 118 deletions(-) create mode 100644 docs/app/admin/ExternalPlatform.mdx diff --git a/docs/app/admin/AdminControls.mdx b/docs/app/admin/AdminControls.mdx index f10075fe..25013bca 100644 --- a/docs/app/admin/AdminControls.mdx +++ b/docs/app/admin/AdminControls.mdx @@ -10,7 +10,7 @@ import { The Admin page enables administrators to manage user access, configure environment secrets, and view platform integration details. This page can be accessed by clicking on the bubble containing your email address in the top right corner of the top navbar and selecting Environment Settings. -## Access Levels +## Roles Panel The Roles panel shown below enables administrators to specify access levels for different users. The Last Seen column is populated in the permissions panel for users that have accessed Ganymede after [August 2024](../../releases/202408#august-15-2024), when the feature was introduced. @@ -29,7 +29,7 @@ The New User Roles box appears for users with Admin privileges, enabling admins For dashboards, permissions can be viewed by navigating to the dashboards page and clicking Settings > List Users. -## Environment Secrets +## Secrets Panel The Secrets panel enables administrators to configure secrets that are used by Ganymede cloud to connect to external services such as Benchling or AWS. These secrets are specific to the nodes used within a given environment (i.e. - development or production environment). The example shown in the image below shows an environment with a AWS S3 Role ARN specified, enabling connectivity between Ganymede cloud and AWS S3 Storage when using the [S3_Read](../../nodes/App/S3_Read) or [S3_Write](../../nodes/App/S3_Write) nodes. @@ -46,9 +46,9 @@ Secrets cannot be viewed from this panel, so if a secret is lost, it can either Any secrets entered here will not be committed into code, but can be printed by environment users with the *Writer* or *Admin* role in notebooks. -## Environment Version +## Versions Panel -The Environment Version panel displays version information for the Ganymede environment: +The Versions panel displays version information for the Ganymede environment: Admin - Version Panel @@ -57,118 +57,11 @@ The Environment Version panel displays version information for the Ganymede envi - **Agent Versions**: The latest version of each Agent, along with links to historical Agent binaries - **Flow Versions**: The latest version of each Flow, along with links to the Flow Version History page showing commit history for each Flow -## Platform Integration Details - -The Integration panel contains details about the Ganymede environment, which can be used for integration with external systems, as well as for IP whitelisting Ganymede. - -Admin - Integration Panel - -- **Notebook IP address**: IP address for hosted notebook environments -- **Flow Runtime IP address**: IP address for workflow orchestration -- **Notebook Service Account Email**: Service account for notebooks -- **Flow Runtime Service Account Email**: Service account for workflow orchestration -- **AWS Trust Policy JSON**: Role configuration for AWS Policy, to establish connectivity between AWS and Ganymede cloud -- **AWS Bucket CORS**: CORS configuration for AWS S3 buckets - - -### Connecting to an S3 Bucket - -In order to allow Ganymede Flows to read and write to an S3 bucket, follow the steps below for each Ganymede environment that needs access to the bucket: - -1. Identify which S3 buckets you would like to connect to Ganymede -2. Create a Policy that allows the desired access to the bucket(s), replacing `my-bucket` with the name of the bucket(s) you would like to connect to. - - Example: - - ```json - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ListObjectsInBucket", - "Effect": "Allow", - "Action": [ - "s3:ListBucket" - ], - "Resource": [ - "arn:aws:s3:::my-bucket" - ] - }, - { - "Sid": "AllObjectActions", - "Effect": "Allow", - "Action": "s3:*Object", - "Resource": [ - "arn:aws:s3:::my-bucket/*" - ] - } - ] - } - ``` - -3. Record the identity number of the Ganymede Environment - - Navigate to the Environment Settings page - - Select the Integration tab - - Record the number in the `accounts.google.com:aud` field - -4. Create the Role in AWS - - In the IAM console, select Roles > Create Role - - Select 'Web Identity' - - Select 'Google' as the Identity Provider - - Enter the identity number from above as the audience - - Press Next - - Select the Policy you created above as the permissions for the Role - - Press Next - - Name the role something like 'ganymede-storage-access' - - Press Create Role - -5. Add the Role ARN as an [environment secret in the Ganymede environment](#environment-secrets) named _aws_s3_role_arn_. - -### Connecting to Ganymede from an External Tool - -Ganymede can generate Service Account credentials for use with other tools, such as BigQuery or ODBC. Access using these credentials is restricted to read-only data of the environment in which they were generated. - -Some examples of tools that can be connected to Ganymede using this approach include: - -#### Dashboarding Tools -- [Tableau](https://help.tableau.com/current/pro/desktop/en-us/examples_googlebigquery.htm) -- [Looker](https://cloud.google.com/looker/docs/db-config-google-bigquery) -- [PowerBI](https://learn.microsoft.com/en-us/power-query/connectors/google-bigquery) - -#### Data Analysis Tools -- [Posit Connect (R)](https://solutions.posit.co/connections/db/databases/big-query/) -- [Spotfire](https://www.cdata.com/kb/tech/bigquery-odbc-spotfire.rst) -- [JMP](https://community.jmp.com/t5/Discussions/ODBC-connection-to-Google-BigQuery/td-p/346253) -- [MATLAB](https://github.com/mathworks-ref-arch/matlab-google-bigquery/blob/main/Documentation/BasicUsage.md) -- [Excel](https://cloud.google.com/blog/products/bigquery/how-to-connect-bigquery-to-microsoft-excel-and-other-apps-with-our-new-odbc-driver) - -#### Generating Service Account Credentials - -To do this, follow the steps below: -1. Navigate to the Environment Settings page, Integration tab -Admin - Integration Panel Add Credentials -2. Select 'New Credentials' and enter a description and name for the Credentials -3. Click 'Create' -Admin - Integration Panel Copy Key -4. Copy the JSON key that is displayed and save it to a file. - -:::note - -This key is only displayed once, so be sure to save it in a secure location. - -::: - -:::warning - -Treat this key as a password, as it provides access to the Ganymede environment. - -::: - -5. Use the JSON key to authenticate with the external tool. +## Audit Log +The [Audit panel](../configuration/AuditLog.mdx) tracks historical activity in the environment, including user actions, resource changes, and timestamps. The Audit Log is accessible to all users in the environment. -## Environment Detection in the SDK -The SDK has helper functions to determine the state of the environments, such as production versus -development. Please see [Environment Detection](../../sdk/markdowns/EnvironmentDetection) for more information. +## Integration Panel +The [Integration panel](./ExternalPlatform.mdx) contains details about the Ganymede environment, which can be used for integration with external systems, as well as for IP whitelisting Ganymede. \ No newline at end of file diff --git a/docs/app/admin/ExternalPlatform.mdx b/docs/app/admin/ExternalPlatform.mdx new file mode 100644 index 00000000..db00af2e --- /dev/null +++ b/docs/app/admin/ExternalPlatform.mdx @@ -0,0 +1,119 @@ +--- +id: ExternalPlatform +title: External Platform Integration +displayed_sidebar: webUiSidebar +--- + +import { + UserDeleteOutlined +} from '@ant-design/icons'; + +## Platform Integration Details + +The Integration panel contains details about the Ganymede environment, which can be used for integration with external systems, as well as for IP whitelisting Ganymede. + +Admin - Integration Panel + +- **Notebook IP address**: IP address for hosted notebook environments +- **Flow Runtime IP address**: IP address for workflow orchestration +- **Notebook Service Account Email**: Service account for notebooks +- **Flow Runtime Service Account Email**: Service account for workflow orchestration +- **AWS Trust Policy JSON**: Role configuration for AWS Policy, to establish connectivity between AWS and Ganymede cloud +- **AWS Bucket CORS**: CORS configuration for AWS S3 buckets + + +### Connecting to an S3 Bucket + +In order to allow Ganymede Flows to read and write to an S3 bucket, follow the steps below for each Ganymede environment that needs access to the bucket: + +1. Identify which S3 buckets you would like to connect to Ganymede +2. Create a Policy that allows the desired access to the bucket(s), replacing `my-bucket` with the name of the bucket(s) you would like to connect to. + + Example: + + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "ListObjectsInBucket", + "Effect": "Allow", + "Action": [ + "s3:ListBucket" + ], + "Resource": [ + "arn:aws:s3:::my-bucket" + ] + }, + { + "Sid": "AllObjectActions", + "Effect": "Allow", + "Action": "s3:*Object", + "Resource": [ + "arn:aws:s3:::my-bucket/*" + ] + } + ] + } + ``` + +3. Record the identity number of the Ganymede Environment + - Navigate to the Environment Settings page + - Select the Integration tab + - Record the number in the `accounts.google.com:aud` field + +4. Create the Role in AWS + - In the IAM console, select Roles > Create Role + - Select 'Web Identity' + - Select 'Google' as the Identity Provider + - Enter the identity number from above as the audience + - Press Next + - Select the Policy you created above as the permissions for the Role + - Press Next + - Name the role something like 'ganymede-storage-access' + - Press Create Role + +5. Add the Role ARN as an [environment secret in the Ganymede environment](./AdminControls.mdx#secrets-panel) named _aws_s3_role_arn_. + +### Connecting to Ganymede from an External Tool + +Ganymede can generate Service Account credentials for use with other tools, such as BigQuery or ODBC. Access using these credentials is restricted to read-only data of the environment in which they were generated. + +Some examples of tools that can be connected to Ganymede using this approach include: + +#### Dashboarding Tools +- [Tableau](https://help.tableau.com/current/pro/desktop/en-us/examples_googlebigquery.htm) +- [Looker](https://cloud.google.com/looker/docs/db-config-google-bigquery) +- [PowerBI](https://learn.microsoft.com/en-us/power-query/connectors/google-bigquery) + +#### Data Analysis Tools +- [Posit Connect (R)](https://solutions.posit.co/connections/db/databases/big-query/) +- [Spotfire](https://www.cdata.com/kb/tech/bigquery-odbc-spotfire.rst) +- [JMP](https://community.jmp.com/t5/Discussions/ODBC-connection-to-Google-BigQuery/td-p/346253) +- [MATLAB](https://github.com/mathworks-ref-arch/matlab-google-bigquery/blob/main/Documentation/BasicUsage.md) +- [Excel](https://cloud.google.com/blog/products/bigquery/how-to-connect-bigquery-to-microsoft-excel-and-other-apps-with-our-new-odbc-driver) + +#### Generating Service Account Credentials + +To do this, follow the steps below: +1. Navigate to the Environment Settings page, Integration tab +Admin - Integration Panel Add Credentials +2. Select 'New Credentials' and enter a description and name for the Credentials +3. Click 'Create' +Admin - Integration Panel Copy Key +4. Copy the JSON key that is displayed and save it to a file. + +:::note + +This key is only displayed once, so be sure to save it in a secure location. + +::: + +:::warning + +Treat this key as a password, as it provides access to the Ganymede environment. + +::: + +5. Use the JSON key to authenticate with the external tool. + diff --git a/docs/app/configuration/S3EventConfig.mdx b/docs/app/configuration/S3EventConfig.mdx index e0d4379f..ebe0543a 100644 --- a/docs/app/configuration/S3EventConfig.mdx +++ b/docs/app/configuration/S3EventConfig.mdx @@ -55,7 +55,7 @@ Ganymede Flows can be triggered on file save to an S3 bucket, so that files are 5. Create rule. -3. Enter the API Key configured in step 2.iv into a secret named **s3_api_key** the [Environment Secrets](../admin/AdminControls#environment-secrets) panel. +3. Enter the API Key configured in step 2.iv into a secret named **s3_api_key** the [Environment Secrets](../admin/AdminControls#secrets-panel) panel. 4. Test out the connection using an [S3 Event node](../../nodes/App/S3_Event). diff --git a/docs/releases/202409.mdx b/docs/releases/202409.mdx index 00ff86d4..7e1f41ff 100644 --- a/docs/releases/202409.mdx +++ b/docs/releases/202409.mdx @@ -40,7 +40,7 @@ displayed_sidebar: releaseSideBar ### September 12 2024 **Features** -- **UI**: The [Environment Version summary](../app/admin/AdminControls#environment-version) is available in the Environment Settings menu +- **UI**: The [Environment Version summary](../app/admin/AdminControls#versions-panel) is available in the Environment Settings menu - This summary includes the version number of each Agent, Connection, and Flow in the environment - Clicking an Agent or Flow will show the history of that item - This view can be used in cases where stability and traceability are important diff --git a/docs/releases/202411.mdx b/docs/releases/202411.mdx index 3d4b187f..51e393cd 100644 --- a/docs/releases/202411.mdx +++ b/docs/releases/202411.mdx @@ -7,7 +7,7 @@ displayed_sidebar: releaseSideBar ### November 14 2024 **Features** -- **UI**: Service Accounts can be [exported](../app/admin/AdminControls#connecting-to-ganymede-from-an-external-tool) for use in external applications +- **UI**: Service Accounts can be [exported](../app/admin/ExternalPlatform#connecting-to-ganymede-from-an-external-tool) for use in external applications - Each service account has read-only access to your table data and metadata - Access is scoped to a single environment's data - These can be used in tools that support BigQuery or BigQuery via ODBC. diff --git a/sidebars.js b/sidebars.js index f3010819..a9c01d66 100644 --- a/sidebars.js +++ b/sidebars.js @@ -246,6 +246,11 @@ module.exports = { collapsed: true, items: [ 'app/admin/AdminControls', + { + type: 'doc', + id: 'app/admin/ExternalPlatform', + label: 'External Platform Configuration' + }, { type: 'category', label: 'Authentication', From d24e4cbdf50a41552ba576695a8a0546d6d7649a Mon Sep 17 00:00:00 2001 From: Benson Lee Date: Fri, 15 Nov 2024 09:12:59 -0800 Subject: [PATCH 2/8] upd --- docs/app/admin/ExternalPlatform.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/app/admin/ExternalPlatform.mdx b/docs/app/admin/ExternalPlatform.mdx index db00af2e..309853fe 100644 --- a/docs/app/admin/ExternalPlatform.mdx +++ b/docs/app/admin/ExternalPlatform.mdx @@ -13,6 +13,7 @@ import { The Integration panel contains details about the Ganymede environment, which can be used for integration with external systems, as well as for IP whitelisting Ganymede. Admin - Integration Panel +  - **Notebook IP address**: IP address for hosted notebook environments - **Flow Runtime IP address**: IP address for workflow orchestration From 8fc9202d722cab467a5f99dc9a4c82e3e680a5e7 Mon Sep 17 00:00:00 2001 From: Benson Lee Date: Fri, 15 Nov 2024 09:25:11 -0800 Subject: [PATCH 3/8] upd --- .wordlist.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.wordlist.txt b/.wordlist.txt index ff6f1e83..ccbba316 100644 --- a/.wordlist.txt +++ b/.wordlist.txt @@ -384,4 +384,7 @@ JMP Spotfire PowerBI Dashboarding - +EventBridge +eventbridge +ExternalPlatform +EventConfig From 1059871694f42468e7acc8fddc79b4415f546736 Mon Sep 17 00:00:00 2001 From: Benson Lee Date: Fri, 15 Nov 2024 10:26:40 -0800 Subject: [PATCH 4/8] clarify odbc vs service account connectivity --- docs/app/admin/ExternalPlatform.mdx | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/docs/app/admin/ExternalPlatform.mdx b/docs/app/admin/ExternalPlatform.mdx index 309853fe..cdaabfb8 100644 --- a/docs/app/admin/ExternalPlatform.mdx +++ b/docs/app/admin/ExternalPlatform.mdx @@ -78,21 +78,21 @@ In order to allow Ganymede Flows to read and write to an S3 bucket, follow the s ### Connecting to Ganymede from an External Tool -Ganymede can generate Service Account credentials for use with other tools, such as BigQuery or ODBC. Access using these credentials is restricted to read-only data of the environment in which they were generated. +Ganymede can generate Service Account credentials for use with other tools. Access using these credentials is restricted to read-only data of the environment in which they were generated. Some examples of tools that can be connected to Ganymede using this approach include: #### Dashboarding Tools -- [Tableau](https://help.tableau.com/current/pro/desktop/en-us/examples_googlebigquery.htm) -- [Looker](https://cloud.google.com/looker/docs/db-config-google-bigquery) +- [Tableau](https://help.tableau.com/current/pro/desktop/en-us/examples_googlebigquery.htm) - follow the instructions described in Option 2. +- [Looker](https://cloud.google.com/looker/docs/db-config-google-bigquery#authentication_with_bigquery_service_accounts) - follow the Authentication with BigQuery Service Accounts instructions - [PowerBI](https://learn.microsoft.com/en-us/power-query/connectors/google-bigquery) #### Data Analysis Tools -- [Posit Connect (R)](https://solutions.posit.co/connections/db/databases/big-query/) -- [Spotfire](https://www.cdata.com/kb/tech/bigquery-odbc-spotfire.rst) -- [JMP](https://community.jmp.com/t5/Discussions/ODBC-connection-to-Google-BigQuery/td-p/346253) -- [MATLAB](https://github.com/mathworks-ref-arch/matlab-google-bigquery/blob/main/Documentation/BasicUsage.md) -- [Excel](https://cloud.google.com/blog/products/bigquery/how-to-connect-bigquery-to-microsoft-excel-and-other-apps-with-our-new-odbc-driver) +- [Posit (R)](https://solutions.posit.co/connections/db/databases/big-query/) - follow the *Using the ODBC Package* instructions using the [Simba BigQuery ODBC driver](https://cloud.google.com/bigquery/docs/reference/odbc-jdbc-drivers). +- [Spotfire](https://community.spotfire.com/articles/spotfire/spotfire-and-odbc-data-sources/) - Follow instructions for connecting to an ODBC data source using the [Simba BigQuery ODBC driver](https://cloud.google.com/bigquery/docs/reference/odbc-jdbc-drivers). +- [JMP](https://community.jmp.com/t5/Discussions/ODBC-connection-to-Google-BigQuery/td-p/346253) - Establish a connection to BigQuery using the [Simba BigQuery ODBC driver](https://cloud.google.com/bigquery/docs/reference/odbc-jdbc-drivers). +- [MATLAB](https://github.com/mathworks-ref-arch/matlab-google-bigquery/blob/main/Documentation/Authentication.md) - Provide service account credentials using the matlab-google-bigquery package. +- [Excel](https://cloud.google.com/blog/products/bigquery/how-to-connect-bigquery-to-microsoft-excel-and-other-apps-with-our-new-odbc-driver) - Install the [Simba BigQuery ODBC driver](https://cloud.google.com/bigquery/docs/reference/odbc-jdbc-drivers) and reference the data source from Excel. #### Generating Service Account Credentials @@ -117,4 +117,3 @@ Treat this key as a password, as it provides access to the Ganymede environment. ::: 5. Use the JSON key to authenticate with the external tool. - From 6c6e89ee6a2fa40c60fdf8dda5faba70a8ae4913 Mon Sep 17 00:00:00 2001 From: Benson Lee Date: Fri, 15 Nov 2024 10:27:48 -0800 Subject: [PATCH 5/8] spellcheck --- .wordlist.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/.wordlist.txt b/.wordlist.txt index ccbba316..f758d2be 100644 --- a/.wordlist.txt +++ b/.wordlist.txt @@ -388,3 +388,4 @@ EventBridge eventbridge ExternalPlatform EventConfig +Simba From 976f4fbba6e8647871a1203daa8c86c9e50eea7e Mon Sep 17 00:00:00 2001 From: Benson Lee Date: Fri, 15 Nov 2024 10:32:25 -0800 Subject: [PATCH 6/8] upd --- docs/app/admin/ExternalPlatform.mdx | 89 ++++++++++++++--------------- sidebars.js | 2 +- 2 files changed, 44 insertions(+), 47 deletions(-) diff --git a/docs/app/admin/ExternalPlatform.mdx b/docs/app/admin/ExternalPlatform.mdx index cdaabfb8..55f0a870 100644 --- a/docs/app/admin/ExternalPlatform.mdx +++ b/docs/app/admin/ExternalPlatform.mdx @@ -8,8 +8,6 @@ import { UserDeleteOutlined } from '@ant-design/icons'; -## Platform Integration Details - The Integration panel contains details about the Ganymede environment, which can be used for integration with external systems, as well as for IP whitelisting Ganymede. Admin - Integration Panel @@ -22,8 +20,49 @@ The Integration panel contains details about the Ganymede environment, which can - **AWS Trust Policy JSON**: Role configuration for AWS Policy, to establish connectivity between AWS and Ganymede cloud - **AWS Bucket CORS**: CORS configuration for AWS S3 buckets +## Connecting to Ganymede from an External Platforms + +Ganymede can generate Service Account credentials for use with other tools. Access using these credentials is restricted to read-only data of the environment in which they were generated. + +Some examples of tools that can be connected to Ganymede using this approach include: + +### Dashboarding Tools +- [Tableau](https://help.tableau.com/current/pro/desktop/en-us/examples_googlebigquery.htm) - follow the instructions described in Option 2. +- [Looker](https://cloud.google.com/looker/docs/db-config-google-bigquery#authentication_with_bigquery_service_accounts) - follow the Authentication with BigQuery Service Accounts instructions +- [PowerBI](https://learn.microsoft.com/en-us/power-query/connectors/google-bigquery) - follow the instructions to connect to BigQuery using a service account. + +### Data Analysis Tools +- [Posit (R)](https://solutions.posit.co/connections/db/databases/big-query/) - follow the *Using the ODBC Package* instructions using the [Simba BigQuery ODBC driver](https://cloud.google.com/bigquery/docs/reference/odbc-jdbc-drivers). +- [Spotfire](https://community.spotfire.com/articles/spotfire/spotfire-and-odbc-data-sources/) - Follow instructions for connecting to an ODBC data source using the [Simba BigQuery ODBC driver](https://cloud.google.com/bigquery/docs/reference/odbc-jdbc-drivers). +- [JMP](https://community.jmp.com/t5/Discussions/ODBC-connection-to-Google-BigQuery/td-p/346253) - Establish a connection to BigQuery using the [Simba BigQuery ODBC driver](https://cloud.google.com/bigquery/docs/reference/odbc-jdbc-drivers). +- [MATLAB](https://github.com/mathworks-ref-arch/matlab-google-bigquery/blob/main/Documentation/Authentication.md) - Provide service account credentials using the matlab-google-bigquery package. +- [Excel](https://cloud.google.com/blog/products/bigquery/how-to-connect-bigquery-to-microsoft-excel-and-other-apps-with-our-new-odbc-driver) - Install the [Simba BigQuery ODBC driver](https://cloud.google.com/bigquery/docs/reference/odbc-jdbc-drivers) and reference the data source from Excel. + +### Generating Service Account Credentials + +To do this, follow the steps below: +1. Navigate to the Environment Settings page, Integration tab +Admin - Integration Panel Add Credentials +2. Select 'New Credentials' and enter a description and name for the Credentials +3. Click 'Create' +Admin - Integration Panel Copy Key +4. Copy the JSON key that is displayed and save it to a file. + +:::note + +This key is only displayed once, so be sure to save it in a secure location. + +::: + +:::warning + +Treat this key as a password, as it provides access to the Ganymede environment. + +::: + +5. Use the JSON key to authenticate with the external tool. -### Connecting to an S3 Bucket +## Connecting to an S3 Bucket In order to allow Ganymede Flows to read and write to an S3 bucket, follow the steps below for each Ganymede environment that needs access to the bucket: @@ -74,46 +113,4 @@ In order to allow Ganymede Flows to read and write to an S3 bucket, follow the s - Name the role something like 'ganymede-storage-access' - Press Create Role -5. Add the Role ARN as an [environment secret in the Ganymede environment](./AdminControls.mdx#secrets-panel) named _aws_s3_role_arn_. - -### Connecting to Ganymede from an External Tool - -Ganymede can generate Service Account credentials for use with other tools. Access using these credentials is restricted to read-only data of the environment in which they were generated. - -Some examples of tools that can be connected to Ganymede using this approach include: - -#### Dashboarding Tools -- [Tableau](https://help.tableau.com/current/pro/desktop/en-us/examples_googlebigquery.htm) - follow the instructions described in Option 2. -- [Looker](https://cloud.google.com/looker/docs/db-config-google-bigquery#authentication_with_bigquery_service_accounts) - follow the Authentication with BigQuery Service Accounts instructions -- [PowerBI](https://learn.microsoft.com/en-us/power-query/connectors/google-bigquery) - -#### Data Analysis Tools -- [Posit (R)](https://solutions.posit.co/connections/db/databases/big-query/) - follow the *Using the ODBC Package* instructions using the [Simba BigQuery ODBC driver](https://cloud.google.com/bigquery/docs/reference/odbc-jdbc-drivers). -- [Spotfire](https://community.spotfire.com/articles/spotfire/spotfire-and-odbc-data-sources/) - Follow instructions for connecting to an ODBC data source using the [Simba BigQuery ODBC driver](https://cloud.google.com/bigquery/docs/reference/odbc-jdbc-drivers). -- [JMP](https://community.jmp.com/t5/Discussions/ODBC-connection-to-Google-BigQuery/td-p/346253) - Establish a connection to BigQuery using the [Simba BigQuery ODBC driver](https://cloud.google.com/bigquery/docs/reference/odbc-jdbc-drivers). -- [MATLAB](https://github.com/mathworks-ref-arch/matlab-google-bigquery/blob/main/Documentation/Authentication.md) - Provide service account credentials using the matlab-google-bigquery package. -- [Excel](https://cloud.google.com/blog/products/bigquery/how-to-connect-bigquery-to-microsoft-excel-and-other-apps-with-our-new-odbc-driver) - Install the [Simba BigQuery ODBC driver](https://cloud.google.com/bigquery/docs/reference/odbc-jdbc-drivers) and reference the data source from Excel. - -#### Generating Service Account Credentials - -To do this, follow the steps below: -1. Navigate to the Environment Settings page, Integration tab -Admin - Integration Panel Add Credentials -2. Select 'New Credentials' and enter a description and name for the Credentials -3. Click 'Create' -Admin - Integration Panel Copy Key -4. Copy the JSON key that is displayed and save it to a file. - -:::note - -This key is only displayed once, so be sure to save it in a secure location. - -::: - -:::warning - -Treat this key as a password, as it provides access to the Ganymede environment. - -::: - -5. Use the JSON key to authenticate with the external tool. +5. Add the Role ARN as an [environment secret in the Ganymede environment](./AdminControls.mdx#secrets-panel) named _aws_s3_role_arn_. \ No newline at end of file diff --git a/sidebars.js b/sidebars.js index a9c01d66..7eddc982 100644 --- a/sidebars.js +++ b/sidebars.js @@ -249,7 +249,7 @@ module.exports = { { type: 'doc', id: 'app/admin/ExternalPlatform', - label: 'External Platform Configuration' + label: 'External Platform Integration' }, { type: 'category', From a6363d8c144ef265140f55cc4516417bb5689325 Mon Sep 17 00:00:00 2001 From: Benson Lee Date: Fri, 15 Nov 2024 10:38:58 -0800 Subject: [PATCH 7/8] upd --- docs/app/admin/ExternalPlatform.mdx | 4 ++-- docs/releases/202411.mdx | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/app/admin/ExternalPlatform.mdx b/docs/app/admin/ExternalPlatform.mdx index d5036da3..a6eb1293 100644 --- a/docs/app/admin/ExternalPlatform.mdx +++ b/docs/app/admin/ExternalPlatform.mdx @@ -20,13 +20,13 @@ The Integration panel contains details about the Ganymede environment, which can - **AWS Trust Policy JSON**: Role configuration for AWS Policy, to establish connectivity between AWS and Ganymede cloud - **AWS Bucket CORS**: CORS configuration for AWS S3 buckets -## Connecting to Ganymede from an External Platforms +## Using Ganymede to Power External Applications Ganymede can generate Service Account credentials for use with other tools. Access using these credentials is restricted to read-only data of the environment in which they were generated. Some examples of tools that can be connected to Ganymede using this approach include: -### Dashboarding Tools +### Dashboarding Software - [Tableau](https://help.tableau.com/current/pro/desktop/en-us/examples_googlebigquery.htm) - follow the instructions described in Option 2. - [Looker](https://cloud.google.com/looker/docs/db-config-google-bigquery#authentication_with_bigquery_service_accounts) - follow the Authentication with BigQuery Service Accounts instructions - [PowerBI](https://learn.microsoft.com/en-us/power-query/connectors/google-bigquery) - follow the instructions to connect to BigQuery using a service account. diff --git a/docs/releases/202411.mdx b/docs/releases/202411.mdx index 51e393cd..de4ea4ce 100644 --- a/docs/releases/202411.mdx +++ b/docs/releases/202411.mdx @@ -7,7 +7,7 @@ displayed_sidebar: releaseSideBar ### November 14 2024 **Features** -- **UI**: Service Accounts can be [exported](../app/admin/ExternalPlatform#connecting-to-ganymede-from-an-external-tool) for use in external applications +- **UI**: Service Accounts can be [exported](../app/admin/ExternalPlatform#using-ganymede-to-power-external-applications) for use in external applications - Each service account has read-only access to your table data and metadata - Access is scoped to a single environment's data - These can be used in tools that support BigQuery or BigQuery via ODBC. From a6532d390a3abeaf356818f359965d249e4616d4 Mon Sep 17 00:00:00 2001 From: Benson Lee Date: Fri, 15 Nov 2024 10:41:10 -0800 Subject: [PATCH 8/8] upd --- docs/app/admin/AdminControls.mdx | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/app/admin/AdminControls.mdx b/docs/app/admin/AdminControls.mdx index 25013bca..32b48c7d 100644 --- a/docs/app/admin/AdminControls.mdx +++ b/docs/app/admin/AdminControls.mdx @@ -61,7 +61,6 @@ The Versions panel displays version information for the Ganymede environment: The [Audit panel](../configuration/AuditLog.mdx) tracks historical activity in the environment, including user actions, resource changes, and timestamps. The Audit Log is accessible to all users in the environment. - ## Integration Panel The [Integration panel](./ExternalPlatform.mdx) contains details about the Ganymede environment, which can be used for integration with external systems, as well as for IP whitelisting Ganymede. \ No newline at end of file