Merge pull request #79 from Meyer-J/system_privileges

fix #74
SAP-samples · May 12, 2022 · 14140ea · 14140ea
2 parents 6fbd281 + ffc285b
commit 14140ea
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 26 deletions.
diff --git a/README.md b/README.md
@@ -202,7 +202,7 @@ Options:
 ```shell
 hana-cli adminHDI [user] [password]
 [aliases: adHDI, adhdi]
-Create an Admin User for HDI
+Create an Admin User for HDI or assign HDI admin privileges to an existing user
 
 Connection Parameters:
   -a, --admin, --Admin  Connect via admin (default-env-admin.json)
@@ -221,6 +221,11 @@ Troubleshooting:
 Options:
   -u, --user, --User          User
   -p, --password, --Password  Password
+  -c, --create, --Create      Set this parameter to false to reuse an existing
+                              database user and assign the HDI admin privileges
+                              to this user. In this case a dummy password can
+                              be given.
+                                                      [boolean] [default: false]
 ```
 
 ### adminHDIGroup

diff --git a/_i18n/messages.properties b/_i18n/messages.properties
@@ -24,9 +24,10 @@ hdbsql = Launch the hdbsql tool (if installed separately) using the locally pers
 ports = Display port assignments for internal SAP HANA services
 activateHDI = Activate the HDI service in a particluar SAP HANA Tenant (Must be ran in the SYSTEMDB)
 tenant = SAP HANA Tenant
-adminHDI = Create an Admin User for HDI
+adminHDI = Create an Admin User for HDI or assign HDI admin privileges to an existing user
 adminHDIGroup = Add a User as an HDI Group Admin
 group = HDI Group
+createUser = Create a new HDI admin user with the given username and password
 createXSAAdmin = Create an SAP HANA DB User which is also an XSA Admin
 createContainer = Create an HDI Container and populate connection details into default-env.json
 createContainerUsers = Create new HDI Container technical users for an existing container and populates connection details into default-env.json

diff --git a/bin/adminHDI.js b/bin/adminHDI.js
@@ -13,6 +13,12 @@ export const builder = base.getBuilder({
   password: {
     alias: ['p', 'Password'],
     desc: base.bundle.getText("password")
+  },
+  create: {
+    alias: ['c', 'Create'],
+    desc: base.bundle.getText("createUser"),
+    type: 'boolean',
+    default: true
   }
 })
 
@@ -27,6 +33,10 @@ export function handler (argv) {
       hidden: true,
       replace: '*',
       required: true
+    },
+    create: {
+      description: base.bundle.getText("createUser"),
+      required: false
     }
   })
 }
@@ -37,15 +47,16 @@ export async function activate(prompts) {
     base.setPrompts(prompts)
     const dbStatus = await base.createDBConnection()
 
-    let results = await dbStatus.execSQL(`CREATE USER ${prompts.user} PASSWORD "${prompts.password}" NO FORCE_FIRST_PASSWORD_CHANGE;`)
-    console.table(results)
+    if (prompts.create) {
+      let results = await dbStatus.execSQL(`CREATE USER ${prompts.user} PASSWORD "${prompts.password}" NO FORCE_FIRST_PASSWORD_CHANGE;`)
+      console.table(results)
+    }
+    else
+      base.debug('do not create a new database user')
 
     let resultsGrant = await dbStatus.execSQL(
       `CREATE LOCAL TEMPORARY TABLE #PRIVILEGES LIKE _SYS_DI.TT_API_PRIVILEGES;`)
     console.table(resultsGrant)
-    resultsGrant = await dbStatus.execSQL(
-      `INSERT INTO #PRIVILEGES (PRINCIPAL_NAME, PRIVILEGE_NAME, OBJECT_NAME) SELECT 'SYSTEM', PRIVILEGE_NAME, OBJECT_NAME FROM _SYS_DI.T_DEFAULT_DI_ADMIN_PRIVILEGES;`)
-    console.table(resultsGrant)
     resultsGrant = await dbStatus.execSQL(
       `INSERT INTO #PRIVILEGES (PRINCIPAL_NAME, PRIVILEGE_NAME, OBJECT_NAME) SELECT '${prompts.user}', PRIVILEGE_NAME, OBJECT_NAME FROM _SYS_DI.T_DEFAULT_DI_ADMIN_PRIVILEGES;`)
     console.table(resultsGrant)
@@ -55,14 +66,18 @@ export async function activate(prompts) {
     resultsGrant = await dbStatus.execSQL(
       `DROP TABLE #PRIVILEGES;`)
     console.table(resultsGrant)
-
-    resultsGrant = await dbStatus.execSQL(
-      `GRANT USER ADMIN TO ${prompts.user}`)
-    console.table(resultsGrant)
 
-    resultsGrant = await dbStatus.execSQL(
-      `GRANT ROLE ADMIN TO ${prompts.user}`)
-    console.table(resultsGrant)
+    if (base.getUserName() != prompts.user) {
+      resultsGrant = await dbStatus.execSQL(
+        `GRANT USER ADMIN TO ${prompts.user}`)
+      console.table(resultsGrant)
+
+      resultsGrant = await dbStatus.execSQL(
+        `GRANT ROLE ADMIN TO ${prompts.user}`)
+      console.table(resultsGrant)
+    }
+    else
+      base.debug('Do not grant privieges to ' + prompts.user)
 
     return base.end()
 

diff --git a/utils/base.js b/utils/base.js
@@ -81,7 +81,7 @@ function startSpinnerInt() {
 /** type {object} - processed input prompts*/
 let prompts = []
 /**
- * 
+ *
  * @param {object} newPrompts - processed input prompts
  */
 export function setPrompts(newPrompts) {
@@ -92,7 +92,7 @@ export function setPrompts(newPrompts) {
 }
 
 /**
- * 
+ *
  * @returns {object} newPrompts - processed input prompts
  */
 export function getPrompts() {
@@ -118,7 +118,7 @@ export function getPrompts() {
     if (!prompts.indexes) { prompts.indexes = "*" }
     // @ts-ignore
     if (!prompts.output) { prompts.output = "tbl" }
-    // @ts-ignore 
+    // @ts-ignore
     if (typeof prompts.cf === 'undefined') { prompts.cf = true }
     return prompts
 }
@@ -144,7 +144,7 @@ export async function createDBConnection(options) {
 }
 
 /**
- * Initialize Yargs builder 
+ * Initialize Yargs builder
  * @param {import("yargs").CommandBuilder} input - parameters for the command
  * @param {boolean} [iConn=true] - Add Connection Group
  * @param {boolean} [iDebug=true] - Add Debug Group
@@ -384,10 +384,10 @@ export function getPrompt(argv) {
 }
 
 /**
- * Fill the prompts schema 
+ * Fill the prompts schema
  * @param {typeof import("prompt")} input - prompts current value
  * @param {boolean} [iConn=true] - Add Connection Group
- * @param {boolean} [iDebug=true] - Add Debug Group 
+ * @param {boolean} [iDebug=true] - Add Debug Group
  * @returns {any} prompts schema as json
  */
 export function getPromptSchema(input, iConn = true, iDebug = true) {
@@ -453,7 +453,7 @@ export function askFalse() {
  * @param {function} processingFunction - Function to call after prompts to continue command processing
  * @param {typeof import("prompt")} input - prompts current value
  * @param {boolean} [iConn=true] - Add Connection Group
- * @param {boolean} [iDebug=true] - Add Debug Group 
+ * @param {boolean} [iDebug=true] - Add Debug Group
  */
 export function promptHandler(argv, processingFunction, input, iConn = true, iDebug = true) {
     const prompt = getPrompt(argv)
@@ -524,7 +524,7 @@ export async function end() {
 }
 
 /**
- * Start Console UI spinner 
+ * Start Console UI spinner
  * @param {*} prompts - input parameters and values
  */
 export function startSpinner(prompts) {
@@ -578,7 +578,7 @@ export function isGui(prompts) {
 /**
  * Output JSON content either as a table or as formatted JSON to console
  * @param {*} content - json content often a HANA result set
- * @returns void 
+ * @returns void
  */
 export function outputTable(content) {
     if (content.length < 1) {
@@ -636,7 +636,7 @@ export async function webServerSetup(urlPath) {
         }
     }
 
-    //Start the Server 
+    //Start the Server
     server.on("request", app)
     server.listen(port, function () {
         // @ts-ignore
@@ -661,9 +661,24 @@ export function sendResults(res, results) {
 }
 
 /**
- * Return the last results JSON 
+ * Return the last results JSON
  * @returns lastResults
  */
 export function getLastResults() {
     return lastResults
-}
+}
+
+/**
+ * Get the username of the active database connection
+ * @returns userName
+ */
+export function getUserName() {
+  let userName = ''
+
+  if (dbConnection) {
+    userName = dbConnection.get('user')
+    debug('Username of db connection: ' + userName)
+  }
+
+  return userName
+}