SUSE / hanadb_exporter

Prometheus exporter for SAP HANA databases
Apache License 2.0

password for HANA DB user #48

Closed pirat013 closed 4 years ago

pirat013 commented 5 years ago

Hi,

I'd recommend using the HANA secure store to get access to the DB and run the queries. Therefore we should add the option to use this instead of a clear user and password in a file. The only thing you need is the HANA client package installed. Do we really need the full system user privileges to run the queries, or would it be possible to use a different HANA permission profile to do the job as well? That would be a good combination of improvements.

diegoakechi commented 5 years ago

@pirat013 Yes, we use SYSTEMDB as a bad example, but this is not really needed. We should improve it and document it better. We basically need some user with access to the monitoring catalog. I think HANA has a special role that can be granted for that, so a good idea is to document that.

About the secure store, I think it was considered at least in the library, so shaptools can use it. For the hanadb_exporter, I don't know if it is an undocumented feature at the moment, or some implementation is needed.

@arbulu89 What do you think?

pirat013 commented 5 years ago

Thanks

arbulu89 commented 5 years ago

Hi @pirat013 and @diegoakechi, we can use any user that is already created in the database and has access to the data. The exporter doesn't create any user, so this step must be done beforehand. About the secure store user, by now we don't have this option and we would need to check if it's available in the pyhdb and dbapi packages. We just use these packages to connect to the db and run the queries.

arbulu89 commented 5 years ago

> If we would like to use hdbsql to get access to the DB we have to install the HANA client package on the 3rd node. If you use a different tool than hdbsql that's fine for me. But to be closer to the tools that an admin would use I'd prefer to stay on one tool. Can you catch what I mean? And maybe we could avoid incompatibility issues if we use the same tool as SAP is using to access the DB and the secure store

@pirat013 About this. We can already run the exporter in any node. The exporter is just a daemon that creates a connection with the database. About hdbsql, we discarded using it because the pyhdb and dbapi options are much more suitable. They provide a really good API to query the database, and we don't really need to care about parsing, creating queries, opening the connection, etc. So, by now we don't have plans to update that. But we will research the secure store user usage for sure!!

arbulu89 commented 5 years ago

After some quick research:

`pyhdb` doesn't support hdbuserstore usage: https://github.com/SAP/PyHDB/issues/94

`dbapi` does: https://help.sap.com/viewer/0eec0d68141541d1b07893a39944924e/2.0.02/en-US/ee592e89dcce4480a99571a4ae7a702f.html

In that case, we could provide the option of using this new feature as long as the hdbcli Python package is already available in the system.

arbulu89 commented 4 years ago

Now, the userkey can be used to connect the exporter with the HANA database. Some installation steps were added to the README file too.
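
The credential choice discussed in this thread, as an added example that is not part of the thread or of hanadb_exporter's own code: it prefers an hdbuserstore key over a cleartext user and password, and refuses a cleartext password kept in a group- or world-readable file. The config key names (`userkey`, `user`, `password`, `host`, `port`) and the function names are assumptions made for illustration; `dbapi.connect(key=...)` is the hdbcli call that reads the secure store.

```python
import os
import stat


def resolve_hana_credentials(cfg, cfg_path=None):
    """Return keyword arguments for hdbcli's dbapi.connect().

    cfg is a dict loaded from the exporter's config file (key names are
    assumptions of this example). cfg_path, if given, is that file's path
    and is checked only when it carries a cleartext password.
    """
    userkey = cfg.get("userkey")
    user, password = cfg.get("user"), cfg.get("password")

    if userkey:
        if user or password:
            # Leaving a stale password next to the key defeats the purpose.
            raise ValueError("set either 'userkey' or 'user'/'password', not both")
        # With key=..., the client library takes host, port, user and password
        # from the hdbuserstore of the OS user running this process.
        return {"key": userkey}

    if not (user and password):
        raise ValueError("no 'userkey' and no complete 'user'/'password' pair")

    if cfg_path is not None:
        mode = stat.S_IMODE(os.stat(cfg_path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(
                f"{cfg_path} holds a cleartext password but has mode {mode:o}"
            )
    return {
        "address": cfg["host"],
        "port": cfg["port"],
        "user": user,
        "password": password,
    }


def connect(cfg, cfg_path=None):
    # Imported lazily: hdbcli ships with the HANA client package.
    from hdbcli import dbapi
    return dbapi.connect(**resolve_hana_credentials(cfg, cfg_path))
```

The key has to exist in the secure store of the same OS user that runs the exporter, and the database user behind it only needs access to the monitoring views, not SYSTEM privileges.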