tomi/Scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update key manager

Browse Source
This commit is contained in:
Tomi Eckert
2025-09-09 16:14:54 +02:00
parent 81d1612308
commit debbd2ba56
1 changed files with 81 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
hdb_keymanager.sh
View File

@@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# A script to interactively manage SAP HANA hdbuserstore keys. # A script to interactively manage SAP HANA hdbuserstore keys, with testing.
# --- Style Definitions --- # --- Style Definitions ---
COLOR_BLUE='\033[1;34m' COLOR_BLUE='\033[1;34m'
@@ -9,11 +9,44 @@ COLOR_YELLOW='\033[1;33m'
COLOR_RED='\033[1;31m' COLOR_RED='\033[1;31m'
COLOR_NC='\033[0m' # No Color COLOR_NC='\033[0m' # No Color
HDB_EXECUTABLE_PATH="/usr/sap/hdbclient/hdbuserstore" # --- Configuration ---
# Adjust these paths if your HANA client is installed elsewhere.
HDB_CLIENT_PATH="/usr/sap/hdbclient"
HDB_USERSTORE_EXEC="${HDB_CLIENT_PATH}/hdbuserstore"
HDB_SQL_EXEC="${HDB_CLIENT_PATH}/hdbsql"
# --- Function: Test Key Connection ---
# @param $1: The key name to test.
# @return: 0 for success, 1 for failure.
test_key() {
local key_to_test=$1
if [ -z "$key_to_test" ]; then
echo -e "${COLOR_RED} ❌ Error: No key name provided for testing.${COLOR_NC}"
return 1
fi
echo -e "\n${COLOR_YELLOW}🧪 Testing connection for key '${key_to_test}'...${COLOR_NC}"
# Execute hdbsql, capturing both stdout and stderr.
# The query is simple and lightweight, designed just to validate the connection.
test_output=$("$HDB_SQL_EXEC" -U "$key_to_test" "SELECT 'Connection successful' FROM DUMMY" 2>&1)
local exit_code=$?
if [ $exit_code -eq 0 ] && [[ "$test_output" == *"Connection successful"* ]]; then
echo -e "${COLOR_GREEN} ✅ Connection test successful!${COLOR_NC}"
return 0
else
echo -e "${COLOR_RED} ❌ Connection test failed for key '${key_to_test}'.${COLOR_NC}"
echo -e "${COLOR_RED} Error details:${COLOR_NC}"
# Indent the error message for better readability.
echo "$test_output" | sed 's/^/ /'
return 1
fi
}
# --- Function: Create New Key --- # --- Function: Create New Key ---
create_new_key() { create_new_key() {
current_hostname=$(hostname) current_hostname=$(hostname)
echo -e "\n${COLOR_BLUE}🔑 --- Create New Secure Key ---${COLOR_NC}" echo -e "\n${COLOR_BLUE}🔑 --- Create New Secure Key ---${COLOR_NC}"
read -p "Enter the Key Name [CRONKEY]: " key_name read -p "Enter the Key Name [CRONKEY]: " key_name
@@ -34,14 +67,26 @@ create_new_key() {
echo -e "\n${COLOR_YELLOW}📝 Review the command below (password is hidden):" echo -e "\n${COLOR_YELLOW}📝 Review the command below (password is hidden):"
echo "------------------------------------------------------" echo "------------------------------------------------------"
printf "${HDB_EXECUTABLE_PATH} SET \"%s\" \"%s\" \"%s\" \"<password>\"\n" "$key_name" "$CONNECTION_STRING" "$hdb_user" printf "${HDB_USERSTORE_EXEC} SET \"%s\" \"%s\" \"%s\" \"<password>\"\n" "$key_name" "$CONNECTION_STRING" "$hdb_user"
echo -e "------------------------------------------------------${COLOR_NC}" echo -e "------------------------------------------------------${COLOR_NC}"
read -p "❓ Execute this command? (y/n): " execute_now read -p "❓ Execute this command? (y/n): " execute_now
if [[ "$execute_now" =~ ^[Yy]$ ]]; then if [[ "$execute_now" =~ ^[Yy]$ ]]; then
echo -e "\n${COLOR_GREEN}⚙️ Executing command...${COLOR_NC}" echo -e "\n${COLOR_GREEN}⚙️ Executing command...${COLOR_NC}"
if "$HDB_EXECUTABLE_PATH" SET "$key_name" "$CONNECTION_STRING" "$hdb_user" "$hdb_pass"; then # Create the key first
echo -e "${COLOR_GREEN} ✅ Success! Key '${key_name}' stored securely.${COLOR_NC}" if "$HDB_USERSTORE_EXEC" SET "$key_name" "$CONNECTION_STRING" "$hdb_user" "$hdb_pass"; then
echo -e "${COLOR_GREEN} ✅ Success! Key '${key_name}' stored locally.${COLOR_NC}"
# Immediately test the new key
if ! test_key "$key_name"; then
# If the test fails, roll back by deleting the key
echo -e "\n${COLOR_YELLOW} 롤 Rolling back: Deleting the newly created key '${key_name}' due to connection failure.${COLOR_NC}"
if "$HDB_USERSTORE_EXEC" DELETE "$key_name"; then
echo -e "${COLOR_GREEN} ✅ Key '${key_name}' successfully deleted.${COLOR_NC}"
else
echo -e "${COLOR_RED} ❌ Error: Failed to automatically delete the key '${key_name}'. Please remove it manually.${COLOR_NC}"
fi
fi
else else
echo -e "${COLOR_RED} ❌ Error: Failed to store key '${key_name}'. Please check details and credentials.${COLOR_NC}" echo -e "${COLOR_RED} ❌ Error: Failed to store key '${key_name}'. Please check details and credentials.${COLOR_NC}"
fi fi
@@ -54,7 +99,7 @@ create_new_key() {
delete_key() { delete_key() {
echo -e "\n${COLOR_BLUE}🗑️ --- Delete Existing Secure Key ---${COLOR_NC}" echo -e "\n${COLOR_BLUE}🗑️ --- Delete Existing Secure Key ---${COLOR_NC}"
keys=$("$HDB_EXECUTABLE_PATH" list 2>/dev/null | tail -n +3 | grep '^KEY ' | awk '{print $2}') keys=$("$HDB_USERSTORE_EXEC" list 2>/dev/null | tail -n +3 | grep '^KEY ' | awk '{print $2}')
if [ -z "$keys" ]; then if [ -z "$keys" ]; then
echo -e "${COLOR_YELLOW}🤷 No keys found to delete.${COLOR_NC}" echo -e "${COLOR_YELLOW}🤷 No keys found to delete.${COLOR_NC}"
return return
@@ -66,7 +111,7 @@ delete_key() {
read -p "❓ PERMANENTLY delete the key '$key_to_delete'? (y/n): " confirm read -p "❓ PERMANENTLY delete the key '$key_to_delete'? (y/n): " confirm
if [[ "$confirm" =~ ^[Yy]$ ]]; then if [[ "$confirm" =~ ^[Yy]$ ]]; then
echo -e "\n${COLOR_GREEN}⚙️ Deleting key '$key_to_delete'...${COLOR_NC}" echo -e "\n${COLOR_GREEN}⚙️ Deleting key '$key_to_delete'...${COLOR_NC}"
if "$HDB_EXECUTABLE_PATH" DELETE "$key_to_delete"; then if "$HDB_USERSTORE_EXEC" DELETE "$key_to_delete"; then
echo -e "${COLOR_GREEN} ✅ Success! Key '$key_to_delete' has been deleted.${COLOR_NC}" echo -e "${COLOR_GREEN} ✅ Success! Key '$key_to_delete' has been deleted.${COLOR_NC}"
else else
echo -e "${COLOR_RED} ❌ Error: Failed to delete the key.${COLOR_NC}" echo -e "${COLOR_RED} ❌ Error: Failed to delete the key.${COLOR_NC}"
@@ -81,12 +126,35 @@ delete_key() {
done done
} }
# --- Function: List and Test a Key ---
list_and_test_key() {
echo -e "\n${COLOR_BLUE}🧪 --- Test an Existing Secure Key ---${COLOR_NC}"
keys=$("$HDB_USERSTORE_EXEC" list 2>/dev/null | tail -n +3 | grep '^KEY ' | awk '{print $2}')
if [ -z "$keys" ]; then
echo -e "${COLOR_YELLOW}🤷 No keys found to test.${COLOR_NC}"
return
fi
PS3=$'\nPlease select a key to test (or Ctrl+C to cancel): '
select key_to_test in $keys; do
if [ -n "$key_to_test" ]; then
test_key "$key_to_test"
break
else
echo -e "${COLOR_RED}❌ Invalid selection. Try again.${COLOR_NC}"
fi
done
}
# --- Main Menu --- # --- Main Menu ---
while true; do while true; do
echo -e "\n${COLOR_BLUE}🔐 ========== SAP HANA Secure User Store Key Manager ==========${COLOR_NC}" echo -e "\n${COLOR_BLUE}🔐 ========== SAP HANA Secure User Store Key Manager ==========${COLOR_NC}"
echo "1) Create a New Key" echo "1) Create a New Key"
echo "2) Delete an Existing Key" echo "2) Delete an Existing Key"
echo "3) Exit" echo "3) Test an Existing Key"
echo "4) Exit"
read -p $'\nPlease select an option: ' choice read -p $'\nPlease select an option: ' choice
@@ -98,6 +166,9 @@ while true; do
delete_key delete_key
;; ;;
3) 3)
list_and_test_key
;;
4)
echo "👋 Exiting." echo "👋 Exiting."
exit 0 exit 0
;; ;;
@@ -105,4 +176,4 @@ while true; do
echo -e "${COLOR_RED}❌ Invalid option '$choice'. Please try again.${COLOR_NC}" echo -e "${COLOR_RED}❌ Invalid option '$choice'. Please try again.${COLOR_NC}"
;; ;;
esac esac
done done