This blog post is part of a series of blogs I published about @sap/datasphere-cli. Find all blog posts related to this topic in my overview blog post here.
The Node.js-based Command-Line Interface (CLI) for SAP Datasphere, @sap/datasphere-cli hosted on npmjs.com, allows you to interact with your SAP Datasphere tenant from the terminal or command line. Since version 2023.1 you can use the CLI to reset and retrieve new passwords for the database users in your space.
Introduction
Since the release of SAP Datasphere version 2023.1, you can now use the SAP Datasphere Command-Line Interface (CLI) to reset and retrieve new passwords for your database users in your spaces. This allows you to fully automate the handling of database users by using the CLI to create, update, and delete database users in your space.
In this blog post, I walk you through all the steps and highlight the new command to reset and retrieve new database user passwords.
Before you start with the first step, you need to initialize the cache of the CLI again, if you haven't done this after version 2023.1 had been deployed into your tenant, using the datasphere cache init command. I'm using the OAuth Client-based login mechanism using the datasphere login --secrets-file command. I have set the host I'm working with globally using the datasphere host set command, so that I don't have to repeat the host and credentials with each and every command throughout this blog.
$ datasphere host set https://myhost.eu10.hcs.cloud.sap/
$ datasphere login --secrets-file /path/to/secrets/file.json
$ datasphere cache initCode Sample 1 - Updating the CLI
Since this is a server-side enhancement only, you are not required to install a new version of the @Sap/datasphere-cli module from npmjs.com. You can use the new command to reset the passwords with versions of @Sap/datasphere-cli less than 2023.x, for example, 2022.24.0.
Creating a Space
I'm using the CLI to create a space with a technical ID MYEXAMPLESPACE and description "My Example Space" with only minimal configuration. I do only specify two database users MY_FIRST_DB_USER and MY_SECOND_DB_USER in my space and omit the optional properties, falling back to default values.
{
"MYEXAMPLESPACE": {
"spaceDefinition": {
"version": "1.0.4",
"label": "My Example Space",
"assignedStorage": 0,
"assignedRam": 0,
"members": [
{
"name": "JKANNGIESSER",
"type": "user"
}
],
"dbusers": {
"MYEXAMPLESPACE#MY_FIRST_DB_USER": {
"ingestion": {
"auditing": {
"dppRead": {
"isAuditPolicyActive": false,
"retentionPeriod": 7
},
"dppChange": {
"isAuditPolicyActive": false,
"retentionPeriod": 7
}
}
},
"consumption": {
"localSchemaAccess": true,
"spaceSchemaAccess": true,
"hdiGrantorForCupsAccess": true
}
},
"MYEXAMPLESPACE#MY_SECOND_DB_USER": {
"ingestion": {
"auditing": {
"dppRead": {
"isAuditPolicyActive": false,
"retentionPeriod": 7
},
"dppChange": {
"isAuditPolicyActive": false,
"retentionPeriod": 7
}
}
},
"consumption": {
"localSchemaAccess": true,
"spaceSchemaAccess": true,
"hdiGrantorForCupsAccess": true
}
}
}
}
}
}Space Definition Example 1
Using the CLI, I can create the space using the datasphere spaces create command, pointing it to the space definition file using the --file-path option.
$ datasphere spaces create --file-path space.json Code Sample 2 - Creating a new space
The space was created successfully.
Picture 1 - Successfully created space
Also, the two database users have been created.
Picture 2 - Existing database users
Reseting Database User Passwords
After you have initialized the CLI again, you find a new command dbusers when running datasphere.
$ datasphere
Usage: datasphere [options] [command]
Command-Line Interface for SAP Datasphere.
Options:
-v, --version output the current version
-H, --host <host> specifies the url where the tenant is hosted (optional)
-O, --options-file <file> path to options file (optional)
-h, --help display help for command
Commands:
cache work with the local CLI cache
dbusers [options] manage and orchestrate database users
help [command] display help for command
host configure host properties
login [options] log in to your account using interactive OAuth authentication
logout log out from your account
passcode-url [options] display the passcode url
secrets work with the locally stored secrets
spaces [options] manage and orchestrate spacesCode Sample 3 - New command dbusers
Digging deeper into this new dbusers command, it reveals a subcommand password for working with passwords.
$ datasphere dbusers
Usage: datasphere dbusers [options] [command]
manage and orchestrate database users
Options:
-H, --host <host> specifies the url where the tenant is hosted (optional)
-h, --help display help for command
Commands:
password [options] maintain password of database user
help [command] display help for commandCode Sample 4 - datasphere dbusers
The command datasphere dbusers password again comes with another subcommand reset.
$ datasphere dbusers password
Usage: datasphere dbusers password [options] [command]
maintain password of database user
Options:
-H, --host <host> specifies the url where the tenant is hosted (optional)
-h, --help display help for command
Commands:
reset [options] reset password of database user
help [command] display help for commandCode Sample 5 - datasphere dbusers password reset
This command requires two options --space and --databaseuser, specifying the space ID and ID of the database user for which you would like to reset the password. I have removed some of the default options for better readability.
$ datasphere dbusers password reset --help
Usage: datasphere dbusers password reset [options]
reset password of database user
Options:
-P, --pretty pretty-formats JSON responses (optional)
-S, --space <space> space id (optional)
-j, --databaseuser <databaseuser> database user id (optional)
-o, --output <output> specifies the file to store the output of the command (optional)
-h, --help display help for commandCode Sample 6 - Options available for command datasphere dbusers password reset
To reset and retrieve a new password for any of the existing database users within my space, I can provide the space ID and database user ID directly as options to the command. I also use the --pretty option to pretty-format the response. I could also use the --output option to store the response in a file.
$ datasphere dbusers password reset --space MYEXAMPLESPACE --databaseuser MYEXAMPLESPACE#MY_FIRST_DB_USER --pretty
{
"password": ")@:Nrga/6eQq,RPg3-05SL9.Z%]dL_WO",
"username": "MYEXAMPLESPACE#MY_FIRST_DB_USER",
"host": "somehost.hana.prod-eu10.hanacloud.ondemand.com",
"port": 443
}Code Sample 7 - Resetting the password of a database user
Please note: You always have to specify the full database user ID like <space ID>#<user ID>. In this example I have specified the ID as MYEXAMPLESPACE#MY_FIRST_DB_USER.
The CLI also allows you to enter the values for the space ID and database user ID interactively, by running the datasphere dbusers password reset command again without specifying the --space and --databaseuser options.
$ datasphere dbusers password reset --pretty
✔ Provide a value for option space (space id): … MYEXAMPLESPACE
✔ Provide a value for option databaseuser (database user id): … MYEXAMPLESPACE#MY_FIRST_DB_USER
{
"password": "M5|44kP?=9s[6;*=VlRK:/aS4jkJZ@$P",
"username": "MYEXAMPLESPACE#MY_FIRST_DB_USER",
"host": "myhost.hana.prod-eu10.hanacloud.ondemand.com",
"port": 443
}Code Sample 8 - Resetting the password in interactive mode
Deleting Database Users
To remove any existing database users again, I send the updated space definition file to the tenant, again using the command dwc spaces create, removing any database user I want to delete. In this example I'm deleting the first of the two users. The updated space definition file looks like this.
{
"MYEXAMPLESPACE": {
"spaceDefinition": {
"version": "1.0.4",
"label": "My Example Space",
"assignedStorage": 0,
"assignedRam": 0,
"members": [
{
"name": "JKANNGIESSER",
"type": "user"
}
],
"dbusers": {
"MYEXAMPLESPACE#MY_SECOND_DB_USER": {
"ingestion": {
"auditing": {
"dppRead": {
"isAuditPolicyActive": false,
"retentionPeriod": 7
},
"dppChange": {
"isAuditPolicyActive": false,
"retentionPeriod": 7
}
}
},
"consumption": {
"localSchemaAccess": true,
"spaceSchemaAccess": true,
"hdiGrantorForCupsAccess": true
}
}
}
}
}
}Space Definition Example 2
After running the same command from Code Sample 2 again, the database users have been updated and the first of the two users had been deleted successfully.
Picture 3 - Updated database access section
Conclusion
I’d be happy to hear your thoughts, ideas, and comments on this tool and what you think would be a nice-to-have enhancement to the CLI, making your life and work with SAP Datasphere easier. Let me know in the comments!
Further Reading
Command-Line Interface for SAP Datasphere on npmjs.com
Command-Line Interface for SAP Datasphere on SAP Help
- SAP Managed Tags:
3 Comments
