Updating the access token for the target database
A valid access token is required to access the target database of a Data Gate instance. Update it on a regular basis because a theft of the token could give an attacker the chance to view, destroy, or otherwise manipulate the data in the target database. Update the token immediately if you suspect that it has been stolen or compromised.
Symptoms
Data Gate cannot access the target database on Cloud Pak for Data.Causes
The access token is not valid anymore.Resolving the problem
To update or renew the access token, follow these steps:- Identify the Data Gate instance identifier, and assign the value to
the variable
DG_INSTANCE_IDby issuing theoc get dginstancecommand. For example:oc get dginstance -n ${PROJECT_CPD_INST_OPERANDS} NAME VERSION BUILD STATUS RECONCILED AGE dg1699914520773847 5.0.0 5.0.0.82 Completed 5.0.0 6h58mIn this example, the instance ID is
dg1699914520773847. Set the variableDG_INSTANCE_IDto this instance ID. - Identify the Data Gate instance pod, and assign the value to the
variable
DG_PODby issuing the followingoc get podcommand:DG_POD=$(oc get pod -n ${PROJECT_CPD_INST_OPERANDS} -l icpdsupport/app=dg-instance-server,\ icpdsupport/serviceInstanceId=`echo ${DG_INSTANCE_ID} | sed 's/^dg//'` -o jsonpath='{.items[0].metadata.name}') - Start the
data-gate-apicontainer:oc exec -it ${DG_POD} -c data-gate-api -n ${PROJECT_CPD_INST_OPERANDS} -- bash - Update the access token by entering the following command from the
/head/clone-api/scripts/
directory:
sh update_target_db2_access_token.sh <CP4D_USERNAME> <CP4D_PASSWORD>where:
- <CP4D_USERNAME>
- Is the ID of the privileged user on Cloud Pak for Data. To change the access token, this ID must have the Admin role on the target database.
- <CP4D_PASSWORD>
- Is the password of the privileged user on Cloud Pak for Data who has the Admin role on the Data Gate instance
- Check the result. The access token was successfully updated if you see the following screen
output:
{"resStatus":"SUCCESS"} Done