With the CData Cmdlets users can install a data module, set the connection properties, and start scripting. This section provides examples of using our AlloyDB Cmdlets with native PowerShell cmdlets, like the CSV import and export cmdlets.

Connecting to AlloyDB

To connect to AlloyDB, set these properties:

• Server: The host name or IP of the server hosting the AlloyDB database.
• Port (optional): The port of the server hosting the AlloyDB database. This property is set to 5432 by default.
• User: The user which will be used to authenticate with the AlloyDB server.
• Password: The password which will be used to authenticate with the AlloyDB server.
• Database (optional): The database to connect to when connecting to the AlloyDB Server. If this is not set, the user's default database will be used.

Authenticating to AlloyDB

AlloyDB supports authentication through the following methods:

• Standard
• pg_hba.conf
  • MD5
  • SASL
• Kerberos
• OAuthJWT

Standard Authentication

Standard authentication (using the user/password combination supplied earlier) is the default form of authentication.

No further action is required to leverage Standard Authentication to connect.

pg_hba.conf Auth Schemes

There are additional methods of authentication supported by the cmdlet which must be enabled in the pg_hba.conf file on the AlloyDB server.

You can find instructions about authentication setup on the AlloyDB Server here.

MD5

You can authenticate using MD5 password verification by setting the auth-method in the pg_hba.conf file to md5.

SASL

The cmdlet can authenticate by verifying the password with SASL (particularly, SCRAM-SHA-256).

To use this authentication method, set the auth-method in the pg_hba.conf file to scram-sha-256.

Kerberos

The authentication with Kerberos is initiated by AlloyDB Server when the CData Cmdlets PowerShell Module for AlloyDB is trying to connect to it. Set up Kerberos on the AlloyDB Server to activate this authentication method. Once you have Kerberos authentication set up on the AlloyDB server, see Using Kerberos for details regarding how to authenticate with Kerberos by the cmdlet.

OAuthJWT

This authentication method allows a Google Cloud service account to authenticate with AlloyDB using a JSON key file.

Prerequisite

Before configuring this authentication method, ensure that you have a Google Cloud service account. You must also generate and download a new key file (JSON-formatted) for that service account.

To obtain this file in the Google Cloud console:

1. Go to IAM & Admin > Service accounts. If you do not have an account already, you must create one (see detailed instructions here.)
2. Click on the email address of your service account (for example, [email protected]).
3. Go to the Keys tab.
4. Select Add Key > Create new key.
5. Select JSON as the key type. Then, click Create.

Note: Once the file for the key is downloaded, it cannot be redownloaded due to security reasons. However, you can generate additional keys as needed.

Authenticate to AlloyDB with OAuthJWT

1. Using IAM administrator tools (IAM & Admin > IAM), grant the new or existing service account the alloydb.databaseUser and serviceusage.serviceUsageConsumer roles.
2. Add that service account to a cluster (see detailed instructions here.)
3. Set the required connection properties:
   • AuthScheme: OAuthJWT.
   • OAuthJWTCertType: GOOGLEJSON.
   • OAuthJWTCert: The path to the service account key file you downloaded (for example, C:\keys\my-gcp-project-service-account.json).
   • User: The service account's address without the .gserviceaccount.com suffix (for example, [email protected]).

Creating a Connection Object

You can then use the Connect-AlloyDB cmdlet to create a connection object that can be passed to other cmdlets:

$conn = Connect-AlloyDB -User 'alloydb' -Password 'admin' -Server '127.0.0.1' -Port '5432' -Database 'alloydb'

Retrieving Data

After you have created a connection, you can use the other cmdlets to perform operations that you would normally expect to be able to perform against a relational database. The Select-AlloyDB cmdlet provides a native PowerShell interface for retrieving data:

$results = Select-AlloyDB -Connection $conn -Table ""alloydb"."schema01".Orders" -Columns @("ShipName, ShipCity") -Where "ShipCountry='USA'"

The Invoke-AlloyDB cmdlet provides an SQL interface. This cmdlet can be used to execute an SQL query via the Query parameter.

Piping Cmdlet Output

The cmdlets return row objects to the pipeline one row at a time. The following line exports results to a CSV file:

Select-AlloyDB -Connection $conn -Table "alloydb"."schema01".Orders -Where "ShipCountry = 'USA'" | Select -Property * -ExcludeProperty Connection,Table,Columns | Export-Csv -Path c:\my"alloydb"."schema01".OrdersData.csv -NoTypeInformation

You will notice that we piped the results from Select-AlloyDB into a Select-Object cmdlet and excluded some properties before piping them into an Export-CSV cmdlet. We do this because the CData Cmdlets append Connection, Table, and Columns information onto each row object in the result set, and we do not necessarily want that information in our CSV file.

However, this makes it easy to pipe the output of one cmdlet to another. The following is an example of converting a result set to JSON:

 
PS C:\> $conn  = Connect-AlloyDB -User 'alloydb' -Password 'admin' -Server '127.0.0.1' -Port '5432' -Database 'alloydb'
PS C:\> $row = Select-AlloyDB -Connection $conn -Table ""alloydb"."schema01".Orders" -Columns (ShipName, ShipCity) -Where "ShipCountry = 'USA'" | select -first 1
PS C:\> $row | ConvertTo-Json
{
  "Connection":  {

  },
  "Table":  ""alloydb"."schema01".Orders",
  "Columns":  [

  ],
  "ShipName":  "MyShipName",
  "ShipCity":  "MyShipCity"
} 

Deleting Data

The following line deletes any records that match the criteria:

Select-AlloyDB -Connection $conn -Table "alloydb"."schema01".Orders -Where "ShipCountry = 'USA'" | Remove-AlloyDB

Modifying Data

The cmdlets make data transformation easy as well as data cleansing. The following example loads data from a CSV file into AlloyDB, checking first whether a record already exists and needs to be updated instead of inserted.

Import-Csv -Path C:\My"alloydb"."schema01".OrdersUpdates.csv | %{
  $record = Select-AlloyDB -Connection $conn -Table "alloydb"."schema01".Orders -Where ("Id = `'"+$_.Id+"`'")
  if($record){
    Update-AlloyDB -Connection $conn -Table "alloydb"."schema01".Orders -Columns @("ShipName","ShipCity") -Values @($_.ShipName, $_.ShipCity) -Where "Id  = `'$_.Id`'"
  }else{
    Add-AlloyDB -Connection $conn -Table "alloydb"."schema01".Orders -Columns @("ShipName","ShipCity") -Values @($_.ShipName, $_.ShipCity)
  }
}