# DRAFT - Managing the Db2 Data Management Console - DRAFT

This Jupyter Notebook contains examples of how to setup and manage the Db2 Data Management Console. It covers how to add additional users using database authentication, how to explore and manage connections and setup and manage monitoring profiles.

The Db2 Data Management Console is more than a graphical user interface. It is a set of microservices that you can use to build custom applications to automate your use of Db2.

This Jupyter Notebook contains examples of how to use the Open APIs and the composable interface that are available in the Db2 Data Management Console. Everything in the User Interface is also available through an open and fully documented RESTful Services API. The full set of APIs are documented as part of the Db2 Data Management Console user interface. In this hands on lab you can connect to the documentation directly through this link: [Db2 Data Management Console RESTful APIs](http://localhost:11080/dbapi/api/index_enterprise.html). 

You can also embed elements of the full user interface into an IFrame by constructing the appropriate URL.

This hands on lab will be calling the Db2 Data Management Console as a service. However you can explore it through the user interface as well. Just click on the following link to try out the console that is already and setup in this lab: http://localhost:11080/console. If you have not already logged in you can use the following:
* Userid: db2inst1
* Password: db2inst1

### Import Helper Classes
For more information on these classes, see the Lab on Automate Db2 with Open Console Services

### The Console Class
Next we will create a Console helper class that will encapsulate the Rest API calls that we can use to directly access the Db2 Data Management Console service without having to use the user interface. 

To access the service we need to first authenticate with the service and create a reusable token that we can use for each call to the service. This ensures that we don't have to provide a userID and password each time we run a command. The token makes sure this is secure. 

Each request is constructed of several parts. First, the URL and the API identify how to connect to the service. Second the REST service request that identifies the request and the options. For example '/metrics/applications/connections/current/list'. And finally some complex requests also include a JSON payload. For example running SQL includes a JSON object that identifies the script, statement delimiters, the maximum number of rows in the results set as well as what do if a statement fails.

The full set of APIs are documents as part of the Db2 Data Management Console user interface. In this hands on lab you can connect to that directly through this link: [Db2 Data Management Console RESTful APIs](http://localhost:11080/dbapi/api/index_enterprise.html). 

### First we will import a few helper classes
We need to pull in a few standard Python libraries so that we can work with REST, JSON and a library called Pandas. Pandas lets us work with DataFrames, which are a very powerful way to work with tabular data in Python. 

In [1]:
# Import the class libraries 
import requests
import ssl
import json
from pprint import pprint
from requests import Response
import pandas as pd
import time
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
from IPython.display import IFrame
from IPython.display import display, HTML
from pandas.io.json import json_normalize
%matplotlib inline
import matplotlib
import matplotlib.pyplot as plt

In [2]:
# Run the Db2 Class library
# Used to construct and reuse an Autentication Key
# Used to construct RESTAPI URLs and JSON payloads
class Db2Console():
    
    def __init__(self, url, verify = False, proxies=None, ):
        self.url = url
        self.proxies = proxies
        self.verify = verify

    def authenticate(self, userid, password, profile=""):
        credentials = {'userid':userid, 'password':password}
        r = requests.post(self.url+'/auth/tokens', verify=self.verify, json=credentials, proxies=self.proxies)
        if (r.status_code == 200):
            bearerToken = r.json()['token']
            if profile == "":
                self.headers = {'Authorization': 'Bearer'+ ' '+bearerToken}
                return True;
            else:
                self.headers = {'Authorization': 'Bearer'+ ' '+bearerToken, 'X-DB-Profile': profile}
                return True;
        else:
            print ('Unable to authenticate, no bearer token obtained')
            return False;
        
    def printResponse(self, r, code):
        if (r.status_code == code):
            pprint(r.json())
        else:
            print (r.status_code)
            print (r.content)
    
    def getRequest(self, api, json=None):
        return requests.get(self.url+api, verify = self.verify, headers=self.headers, proxies = self.proxies, json=json)

    def postRequest(self, api, json=None):
        return requests.post(self.url+api, verify = self.verify, headers=self.headers, proxies = self.proxies, json=json) 
        
    def getStatusCode(self, response):
        return (response.status_code)

    def getJSON(self, response):
        return (response.json())
    
    def runSQL(self, script, limit=10, separator=';', stopOnError=False):
        sqlJob = {'commands': script, 'limit':limit, 'separator':separator, 'stop_on_error':str(stopOnError)}
        return self.postRequest('/sql_jobs',sqlJob)
        
    def getSQLJobResult(self, jobid):
        return self.getRequest('/sql_jobs/'+jobid)
    
    def getUserPriviledges(self, profile=''):
        if profile == '' :
            return self.getRequest('/userProfilePrivileges')
        else : 
            return self.getRequest('/userProfilePrivileges/'+profile)
    
    def assignUserPrivileges(self, profile, user):
        json = [{'profileName': profile, 'USER':[user], 'OWNER':[]}]
        return self.postRequest('/userProfilePrivileges?action=assign', json) 
 
    def assignOwnerPrivileges(self, profile, owner):
        json = [{'profileName': profile, 'USER':[], 'OWNER':[owner]}]
        return self.postRequest('/userProfilePrivileges?action=assign', json) 
    
    def revokeProfilePrivileges(self, profile, user):
        json = [{'profileName': profile, 'USER':[user]}]
        return self.postRequest('/userProfilePrivileges?action=revoke', json) 

    def getProfile(self,profile):
        return self.getRequest('/dbprofiles/'+profile)    
    
    def getMonitorStatus(self):
        return self.getRequest('/monitor') 
    
    def getConsoleProfiles(self):
        return self.getRequest('/dbprofiles')  
    
    def getConsoleRepository(self):
        return self.getRequest('/repository')    

### Db2 Data Management Console Connection
To connect to the Db2 Data Management Console service you need to provide the URL, the service name (v4) and profile the console user name and password as well as the name of the connection profile used in the console to connect to the database you want to work with. For this lab we are assuming that the following values are used for the connection:
* Userid: db2inst1
* Password: db2inst1
* Connection: sample

**Note:** If the Db2 Data Management Console has not completed initialization, the connection below will fail. Wait for a few moments and then try it again.

In [3]:
# Connect to the Db2 Data Management Console service
Console  = 'http://localhost:11080'
user     = 'DB2INST1'
password = 'db2inst1'

# Set up the required connection
databaseAPI = Db2Console(Console+'/dbapi/v4')
if databaseAPI.authenticate(user, password) :
    print("Token Created")
else : 
    print("Token Creation Failed")
database = Console

Token Created


### Confirm the connection
To confirm that your connection is working you can the Console connection profiles.

In [None]:
# Get Console Connection Profiles
r = databaseAPI.getConsoleProfiles()
if (databaseAPI.getStatusCode(r)==200):
    json = databaseAPI.getJSON(r)
    display(pd.DataFrame(json_normalize(json)))
else:
    print(databaseAPI.getStatusCode(r))      

### Get Repository Configuration
You can also get details on the repository configuration

In [19]:
# Get Console Repository Configuration
r = databaseAPI.getConsoleRepository()
if (databaseAPI.getStatusCode(r)==200):
    json = databaseAPI.getJSON(r) 
    display(pd.DataFrame(json_normalize(json)[['databaseName','status','host','port','collectionCred.user']]).transpose())
else:
    print(databaseAPI.getStatusCode(r))      

Unnamed: 0,0
databaseName,history
status,active
host,localhost
port,50000
collectionCred.user,db2inst1


### Running SQL Routines

In [None]:
def runSQL(profile,user, password, sqlText):
    
    if databaseAPI.authenticate(user, password, profile) :

        # Run the SQL Script and return the runID for later reference 
        runID = databaseAPI.getJSON(databaseAPI.runSQL(sqlText))['id'] 

        # See if there are any results yet for this job
        json = databaseAPI.getJSON(databaseAPI.getSQLJobResult(runID))
        
        # If the REST call returns an error return the json with the error to the calling routine
        if 'errors' in json :
            return json
        # Append the results from each statement in the script to the overall combined JSON result set
        fulljson = json

        while json['results'] != [] or (json['status'] != "completed" and json['status'] != "failed") :
            json = databaseAPI.getJSON(databaseAPI.getSQLJobResult(runID))

            # Get the results from each statement as they return and append the results to the full JSON 
            for results in json['results'] :
                fulljson['results'].append(results)
            # Wait 250 ms for more results
            time.sleep(0.25) 
        return fulljson
    else :
        print('Could not authenticate')
print('runSQL routine defined')

In [None]:
def displayResults(json):

    for results in json['results']:
        print('Statement: '+str(results['index'])+': '+results['command'])
        print('Runtime ms: '+str(results['runtime_seconds']*1000))
        if 'error' in results : 
            print(results['error'])
        elif 'rows' in results :
            df = pd.DataFrame(results['rows'],columns=results['columns'])
            print(df)
        else :
            print('No errors. Row Affected: '+str(results['rows_affected']))
        print()
print('displayResults routine defined')

### Setting up Repository Authentication

In [20]:
IFrame(database+'/console/?mode=compact#settings/authentication', width=1400, height=500)

### Adding Users to the Console using Repository Authentication

In [None]:
userList = {'newUser':['PETER', 'PAUL', 'MARY'], 'Type':['Admin', 'User', 'User']} 
userListDF = pd.DataFrame(userList) 
display(userListDF)
  
user = 'DB2INST1'
password = 'db2inst1'
profile = 'HISTORY'

for row in range(0, len(userListDF)):
    Type = userListDF['Type'].iloc[row]
    newUser = userListDF['newUser'].iloc[row]
    
    script = 'GRANT DBADM, CREATETAB, BINDADD, CONNECT, CREATE_NOT_FENCED, IMPLICIT_SCHEMA, LOAD ON DATABASE TO USER "'+newUser+'";'
    if userListDF['Type'].iloc[row] == 'Admin' :
        script = script + 'GRANT ROLE "CONSOLE_ADM" TO USER "'+newUser+'";'
    else : 
        script = script + 'GRANT ROLE "CONSOLE_USR" TO USER "'+newUser+'";'        
    print('Adding User: '+newUser)
    displayResults(runSQL(profile, user, password, script))
print('done')

### Get User Connection Profile Privileges

In [None]:
# Get User Connection Profile Privleges
r = databaseAPI.getUserPriviledges()
if (databaseAPI.getStatusCode(r)==200):
    json = databaseAPI.getJSON(r)
    display(pd.DataFrame(json_normalize(json)))
else:
    print(databaseAPI.getStatusCode(r))      

### Change User Connection Profile Privileges

In [13]:
# Change User Connection Profile Privileges
def addProfilePrivileges(profile, name, userType) :

    if userType == 'user' : 
        r = databaseAPI.assignUserPrivileges(profile, name)
    else: 
        r = databaseAPI.assignOwnerPrivileges(profile, name)

    if (databaseAPI.getStatusCode(r)==201):
        print(name+' added to: '+profile+" as a new "+userType+".")
    else:
        print(databaseAPI.getStatusCode(r)) 
    
print('Created routine to add profile privileges')

Created routine to add profile privileges


In [14]:
# Revoke User Connection Profile Privileges
def revokeProfilePrivileges(profile, name) :

    r = databaseAPI.revokeProfilePrivileges(profile, name)

    if (databaseAPI.getStatusCode(r)==201):
        print(name+' privilege revoked from: '+profile)
    else:
        print(databaseAPI.getStatusCode(r)) 
    
print('Created routine to revoke profile privileges')

Created routine to revoke profile privileges


In [15]:
addProfilePrivileges('HISTORY', 'PAUL', 'owner')

PAUL added to: HISTORY as a new owner.


In [16]:
revokeProfilePrivileges('HISTORY', 'PAUL')

PAUL privilege revoked from: HISTORY


In [17]:
userList = {'userName':['PETER', 'PAUL', 'MARY', 'PETER', 'PAUL', 'MARY'], 'Profile':['HISTORY', 'HISTORY', 'HISTORY', 'SAMPLE', 'SAMPLE','SAMPLE'],'Type':['owner', 'user', 'user', 'owner', 'user', 'user']} 
userListDF = pd.DataFrame(userList) 
display(userListDF)

for row in range(0, len(userListDF)):
    profile = userListDF['Profile'].iloc[row]
    userType = userListDF['Type'].iloc[row]
    name = userListDF['userName'].iloc[row]   
    addProfilePrivileges(profile, name, userType)
print('done')

Unnamed: 0,userName,Profile,Type
0,PETER,HISTORY,owner
1,PAUL,HISTORY,user
2,MARY,HISTORY,user
3,PETER,SAMPLE,owner
4,PAUL,SAMPLE,user
5,MARY,SAMPLE,user


PETER added to: HISTORY as a new owner.
PAUL added to: HISTORY as a new user.
MARY added to: HISTORY as a new user.
PETER added to: SAMPLE as a new owner.
PAUL added to: SAMPLE as a new user.
MARY added to: SAMPLE as a new user.
done


In [18]:
userList = {'userName':['PETER', 'PAUL', 'MARY', 'PETER', 'PAUL', 'MARY'], 'Profile':['HISTORY', 'HISTORY', 'HISTORY', 'SAMPLE', 'SAMPLE','SAMPLE']} 
userListDF = pd.DataFrame(userList) 
display(userListDF)

for row in range(0, len(userListDF)):
    profile = userListDF['Profile'].iloc[row]
    name = userListDF['userName'].iloc[row]   
    revokeProfilePrivileges(profile, name)
print('done')


Unnamed: 0,userName,Profile
0,PETER,HISTORY
1,PAUL,HISTORY
2,MARY,HISTORY
3,PETER,SAMPLE
4,PAUL,SAMPLE
5,MARY,SAMPLE


PETER privilege revoked from: HISTORY
PAUL privilege revoked from: HISTORY
MARY privilege revoked from: HISTORY
PETER privilege revoked from: SAMPLE
PAUL privilege revoked from: SAMPLE
MARY privilege revoked from: SAMPLE
done


#### Credits: IBM 2019, Peter Kohlmann [kohlmann@ca.ibm.com]