From debbd2ba56548d13594bb2ca394eb899bfddf409 Mon Sep 17 00:00:00 2001 From: Tomi Eckert Date: Tue, 9 Sep 2025 16:14:54 +0200 Subject: [PATCH] update key manager --- hdb_keymanager.sh | 91 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 81 insertions(+), 10 deletions(-) diff --git a/hdb_keymanager.sh b/hdb_keymanager.sh index b432f96..b37816d 100644 --- a/hdb_keymanager.sh +++ b/hdb_keymanager.sh @@ -1,6 +1,6 @@ #!/bin/bash -# A script to interactively manage SAP HANA hdbuserstore keys. +# A script to interactively manage SAP HANA hdbuserstore keys, with testing. # --- Style Definitions --- COLOR_BLUE='\033[1;34m' 
@@ -9,11 +9,44 @@ COLOR_YELLOW='\033[1;33m' COLOR_RED='\033[1;31m' COLOR_NC='\033[0m' # No Color -HDB_EXECUTABLE_PATH="/usr/sap/hdbclient/hdbuserstore" +# --- Configuration --- +# Adjust these paths if your HANA client is installed elsewhere. +HDB_CLIENT_PATH="/usr/sap/hdbclient" +HDB_USERSTORE_EXEC="${HDB_CLIENT_PATH}/hdbuserstore" +HDB_SQL_EXEC="${HDB_CLIENT_PATH}/hdbsql" + +# --- Function: Test Key Connection --- +# @param $1: The key name to test. +# @return: 0 for success, 1 for failure. +test_key() { + local key_to_test=$1 + if [ -z "$key_to_test" ]; then + echo -e "${COLOR_RED} โŒ Error: No key name provided for testing.${COLOR_NC}" + return 1 + fi + + echo -e "\n${COLOR_YELLOW}๐Ÿงช Testing connection for key '${key_to_test}'...${COLOR_NC}" + + # Execute hdbsql, capturing both stdout and stderr. + # The query is simple and lightweight, designed just to validate the connection. + test_output=$("$HDB_SQL_EXEC" -U "$key_to_test" "SELECT 'Connection successful' FROM DUMMY" 2>&1) + local exit_code=$? + + if [ $exit_code -eq 0 ] && [[ "$test_output" == *"Connection successful"* ]]; then + echo -e "${COLOR_GREEN} โœ… Connection test successful!${COLOR_NC}" + return 0 + else + echo -e "${COLOR_RED} โŒ Connection test failed for key '${key_to_test}'.${COLOR_NC}" + echo -e "${COLOR_RED} Error details:${COLOR_NC}" + # Indent the error message for better readability. + echo "$test_output" | sed 's/^/ /' + return 1 + fi +} # --- Function: Create New Key --- create_new_key() { - current_hostname=$(hostname) + current_hostname=$(hostname) echo -e "\n${COLOR_BLUE}๐Ÿ”‘ --- Create New Secure Key ---${COLOR_NC}" read -p "Enter the Key Name [CRONKEY]: " key_name 
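Review bot: In `test_key`, `test_output` is assigned without `local`, so the captured hdbsql output (which on failure can carry host, port and user details from the error text) stays in the script's global scope after the function returns, unlike `key_to_test` and `exit_code`. Declare it on its own line, `local test_output`, before the assignment; folding it into `local test_output=$(...)` would make `$?` report the status of `local` instead of hdbsql and break the check that follows. The key name is also interpolated into `echo -e` strings, where any backslash sequences in it are interpreted rather than printed; passing the name as a `%s` argument to `printf` prints it literally while the colour variables can still go through `%b`.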
@@ -34,14 +67,26 @@ create_new_key() { echo -e "\n${COLOR_YELLOW}๐Ÿ“ Review the command below (password is hidden):" echo "------------------------------------------------------" - printf "${HDB_EXECUTABLE_PATH} SET \"%s\" \"%s\" \"%s\" \"\"\n" "$key_name" "$CONNECTION_STRING" "$hdb_user" + printf "${HDB_USERSTORE_EXEC} SET \"%s\" \"%s\" \"%s\" \"\"\n" "$key_name" "$CONNECTION_STRING" "$hdb_user" echo -e "------------------------------------------------------${COLOR_NC}" read -p "โ“ Execute this command? (y/n): " execute_now if [[ "$execute_now" =~ ^[Yy]$ ]]; then echo -e "\n${COLOR_GREEN}โš™๏ธ Executing command...${COLOR_NC}" - if "$HDB_EXECUTABLE_PATH" SET "$key_name" "$CONNECTION_STRING" "$hdb_user" "$hdb_pass"; then - echo -e "${COLOR_GREEN} โœ… Success! Key '${key_name}' stored securely.${COLOR_NC}" + # Create the key first + if "$HDB_USERSTORE_EXEC" SET "$key_name" "$CONNECTION_STRING" "$hdb_user" "$hdb_pass"; then + echo -e "${COLOR_GREEN} โœ… Success! Key '${key_name}' stored locally.${COLOR_NC}" + + # Immediately test the new key + if ! test_key "$key_name"; then + # If the test fails, roll back by deleting the key + echo -e "\n${COLOR_YELLOW} ๋กค Rolling back: Deleting the newly created key '${key_name}' due to connection failure.${COLOR_NC}" + if "$HDB_USERSTORE_EXEC" DELETE "$key_name"; then + echo -e "${COLOR_GREEN} โœ… Key '${key_name}' successfully deleted.${COLOR_NC}" + else + echo -e "${COLOR_RED} โŒ Error: Failed to automatically delete the key '${key_name}'. Please remove it manually.${COLOR_NC}" + fi + fi else echo -e "${COLOR_RED} โŒ Error: Failed to store key '${key_name}'. Please check details and credentials.${COLOR_NC}" fi 
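Review bot: The rollback after a failed `test_key` deletes `key_name` unconditionally, yet the name is whatever the user typed, including the default `CRONKEY`. If that key already existed (inferred: `SET` appears to overwrite an existing entry), a transient failure such as an unreachable database ends with the entry removed, not merely untested. Ask before deleting, for example `read -r -p "Delete key '${key_name}'? (y/n): " rollback_confirm` with the `DELETE` call guarded by `[[ "$rollback_confirm" =~ ^[Yy]$ ]]`, or record before `SET` whether the key existed and only roll back keys this run created. Separately, the `SET` line still passes `"$hdb_pass"` as a command-line argument, which other local users can read from the process list while hdbuserstore runs; if the installed client supports interactive mode (`hdbuserstore -i SET ...`), letting it prompt for the password avoids that exposure. `create_new_key` starts and ends outside this hunk.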
@@ -54,7 +99,7 @@ create_new_key() { delete_key() { echo -e "\n${COLOR_BLUE}๐Ÿ—‘๏ธ --- Delete Existing Secure Key ---${COLOR_NC}" - keys=$("$HDB_EXECUTABLE_PATH" list 2>/dev/null | tail -n +3 | grep '^KEY ' | awk '{print $2}') + keys=$("$HDB_USERSTORE_EXEC" list 2>/dev/null | tail -n +3 | grep '^KEY ' | awk '{print $2}') if [ -z "$keys" ]; then echo -e "${COLOR_YELLOW}๐Ÿคท No keys found to delete.${COLOR_NC}" return @@ -66,7 +111,7 @@ delete_key() { read -p "โ“ PERMANENTLY delete the key '$key_to_delete'? (y/n): " confirm if [[ "$confirm" =~ ^[Yy]$ ]]; then echo -e "\n${COLOR_GREEN}โš™๏ธ Deleting key '$key_to_delete'...${COLOR_NC}" - if "$HDB_EXECUTABLE_PATH" DELETE "$key_to_delete"; then + if "$HDB_USERSTORE_EXEC" DELETE "$key_to_delete"; then echo -e "${COLOR_GREEN} โœ… Success! Key '$key_to_delete' has been deleted.${COLOR_NC}" else echo -e "${COLOR_RED} โŒ Error: Failed to delete the key.${COLOR_NC}" @@ -81,12 +126,35 @@ delete_key() { done } +# --- Function: List and Test a Key --- +list_and_test_key() { + echo -e "\n${COLOR_BLUE}๐Ÿงช --- Test an Existing Secure Key ---${COLOR_NC}" + + keys=$("$HDB_USERSTORE_EXEC" list 2>/dev/null | tail -n +3 | grep '^KEY ' | awk '{print $2}') + if [ -z "$keys" ]; then + echo -e "${COLOR_YELLOW}๐Ÿคท No keys found to test.${COLOR_NC}" + return + fi + + PS3=$'\nPlease select a key to test (or Ctrl+C to cancel): ' + select key_to_test in $keys; do + if [ -n "$key_to_test" ]; then + test_key "$key_to_test" + break + else + echo -e "${COLOR_RED}โŒ Invalid selection. Try again.${COLOR_NC}" + fi + done +} + + # --- Main Menu --- while true; do echo -e "\n${COLOR_BLUE}๐Ÿ” ========== SAP HANA Secure User Store Key Manager ==========${COLOR_NC}" echo "1) Create a New Key" echo "2) Delete an Existing Key" - echo "3) Exit" + echo "3) Test an Existing Key" + echo "4) Exit" read -p $'\nPlease select an option: ' choice @@ -98,6 +166,9 @@ while true; do delete_key ;; 3) + list_and_test_key + ;; + 4) echo "๐Ÿ‘‹ Exiting." exit 0 ;; 
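Review bot: In `list_and_test_key` (hunk `@@ -81,12 +126,35 @@`), `select key_to_test in $keys` relies on unquoted word splitting, so a key name containing glob characters would be expanded against the current directory before it reaches `hdbsql -U`. The `2>/dev/null` on the `list` call also makes a missing or failing hdbuserstore indistinguishable from "No keys found to test". Reading the existing pipeline's output into an array with `mapfile -t keys < <(...)`, testing `(( ${#keys[@]} == 0 ))`, and iterating with `select key_to_test in "${keys[@]}"` removes the splitting problem; `keys` should also be declared `local`. The same listing pipeline is repeated in `delete_key` (hunk `@@ -54,7 +99,7 @@`), so a small shared helper that returns the key names and reports a failed `list` would keep both menus consistent.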
@@ -105,4 +176,4 @@ while true; do echo -e "${COLOR_RED}โŒ Invalid option '$choice'. Please try again.${COLOR_NC}" ;; esac -done \ No newline at end of file +done