From c63b6b346d839628e4003c116e661973117ad8be Mon Sep 17 00:00:00 2001 From: devanshjain Date: Mon, 24 Nov 2025 02:11:33 +0000 Subject: [PATCH 1/6] Update HA validation and configuration: --- src/module_utils/get_pcmk_properties.py | 22 ++++++++- src/modules/get_pcmk_properties_scs.py | 1 + .../configuration_checks/tasks/files/hana.yml | 2 +- .../ha_db_hana/tasks/files/constants.yaml | 13 +++-- src/roles/ha_db_hana/tasks/ha-config.yml | 35 ++++++++++++- src/roles/ha_scs/tasks/files/constants.yaml | 49 +++++++++++++++++++ src/roles/ha_scs/tasks/ha-config.yml | 35 ++++++++++++- src/vars/input-api.yaml | 4 ++ 8 files changed, 150 insertions(+), 11 deletions(-) diff --git a/src/module_utils/get_pcmk_properties.py b/src/module_utils/get_pcmk_properties.py index efeea03a..5945fc4a 100644 --- a/src/module_utils/get_pcmk_properties.py +++ b/src/module_utils/get_pcmk_properties.py @@ -561,12 +561,33 @@ def validate_from_constants(self): if failed_parameters: overall_status = TestStatus.ERROR.value + failed_param_names = [] + for param in failed_parameters: + param_name = param.get("name", "") + category = param.get("category", "") + if param_name and category: + failed_param_names.append(f"'{param_name}' ({category})") + elif param_name: + failed_param_names.append(f"'{param_name}'") + + if failed_param_names: + self.result["message"] += ( + f"HA parameter validation failed for {len(failed_parameters)} parameter(s): " + f"{', '.join(failed_param_names)}. " + ) + else: + self.result[ + "message" + ] += f"HA parameter validation failed for {len(failed_parameters)} parameter(s). " elif warning_parameters: overall_status = TestStatus.WARNING.value + self.result["message"] += "HA parameter validation completed with warnings. " elif self.result.get("status") == TestStatus.WARNING.value: overall_status = TestStatus.WARNING.value + self.result["message"] += "HA parameter validation completed with warnings. " else: overall_status = TestStatus.SUCCESS.value + self.result["message"] += "HA parameter validation completed successfully. " self.result.update( { @@ -574,7 +595,6 @@ def validate_from_constants(self): "status": overall_status, } ) - self.result["message"] += "HA parameter validation completed successfully. " recommendation_message = self._generate_recommendation_message() if recommendation_message: self.result["message"] += recommendation_message diff --git a/src/modules/get_pcmk_properties_scs.py b/src/modules/get_pcmk_properties_scs.py index b0e954be..e2dfbf31 100644 --- a/src/modules/get_pcmk_properties_scs.py +++ b/src/modules/get_pcmk_properties_scs.py @@ -166,6 +166,7 @@ class HAClusterValidator(BaseHAClusterValidator): "ipaddr": ".//primitive[@type='IPaddr2']", "azurelb": ".//primitive[@type='azure-lb']", "azureevents": ".//primitive[@type='azure-events-az']", + "filesystem": ".//primitive[@type='Filesystem']", } def __init__( diff --git a/src/roles/configuration_checks/tasks/files/hana.yml b/src/roles/configuration_checks/tasks/files/hana.yml index dc412ce7..588504f8 100644 --- a/src/roles/configuration_checks/tasks/files/hana.yml +++ b/src/roles/configuration_checks/tasks/files/hana.yml @@ -159,7 +159,7 @@ checks: user: *root validator_type: *list validator_args: - valid_list: ["reboot", "stonith-action=reboot"] + valid_list: ["reboot", "stonith-action=reboot", "stonith-action=reboot (default)"] report: *check - id: "DB-HANA-0004" diff --git a/src/roles/ha_db_hana/tasks/files/constants.yaml b/src/roles/ha_db_hana/tasks/files/constants.yaml index bc3c2141..b85d2041 100644 --- a/src/roles/ha_db_hana/tasks/files/constants.yaml +++ b/src/roles/ha_db_hana/tasks/files/constants.yaml @@ -34,6 +34,9 @@ CRM_CONFIG_DEFAULTS: azure-events-az_globalPullState: value: "IDLE" required: false + have-watchdog: + value: "true" + required: false # === Operation Defaults === # cibadmin --query --scope op_defaults @@ -50,7 +53,7 @@ OP_DEFAULTS: RSC_DEFAULTS: migration-threshold: value: "5000" - required: false + required: true priority: value: "1" required: false @@ -868,18 +871,18 @@ GLOBAL_INI: execution_order: value: "1" required: true - ha_dr_provider_suschksrv: + ha_dr_provider_chksrv: provider: - value: "susChkSrv" + value: "ChkSrv" required: true path: value: ["/usr/share/SAPHanaSR", "/hana/shared/myHooks"] required: true execution_order: - value: "3" + value: "2" required: true action_on_host: - value: "fence" + value: "kill" required: true trace: ha_dr_saphanasr: diff --git a/src/roles/ha_db_hana/tasks/ha-config.yml b/src/roles/ha_db_hana/tasks/ha-config.yml index 5069429b..00902f8d 100644 --- a/src/roles/ha_db_hana/tasks/ha-config.yml +++ b/src/roles/ha_db_hana/tasks/ha-config.yml @@ -7,6 +7,37 @@ - name: "Test Setup Tasks" ansible.builtin.include_tasks: "roles/misc/tasks/test-case-setup.yml" +- name: "Capture cluster configuration snapshot" + become: true + ansible.builtin.shell: >- + set -o pipefail && {{ + commands + | selectattr('name', 'equalto', 'ha_cluster_config_dump') + | map(attribute=(ansible_os_family | upper)) + | list | first | default('') + }} + args: + executable: /bin/bash + register: ha_cluster_config_dump_result + changed_when: false + failed_when: false + +- name: "Prepare cluster configuration payload" + ansible.builtin.set_fact: + ha_cluster_config_snapshot: |- + Command: {{ + commands + | selectattr('name', 'equalto', 'ha_cluster_config_dump') + | map(attribute=(ansible_os_family | upper)) + | list | first | default('Not defined') + }} + --- + {{ + (ha_cluster_config_dump_result.stdout | default('') | trim) + if (ha_cluster_config_dump_result.stdout is defined and (ha_cluster_config_dump_result.stdout | trim | length > 0)) + else (ha_cluster_config_dump_result.stderr | default('No output captured.')) + }} + - name: "Ensure a list of package version is available for logging" no_log: true block: @@ -151,22 +182,22 @@ - name: "Set the test case status to PASSED" ansible.builtin.set_fact: - test_case_name: "{{ item.name }}: {{ virtual_host }}" test_case_status: "{{ test_result.status }}" test_case_message: "{{ test_result.message }}" test_case_details: "{{ test_result.details }}" test_case_hostname: "{{ virtual_host }}" package_versions: "{{ packages_list.details }}" + test_case_var_log_messages: "{{ ha_cluster_config_snapshot | default('Cluster configuration snapshot unavailable') }}" rescue: - name: "Test case failed" ansible.builtin.set_fact: - test_case_name: "{{ item.name }}: {{ virtual_host }}" test_case_status: "FAILED" test_case_details: "{{ test_result }}" test_case_message: "{{ ansible_failed_result }}" test_case_hostname: "{{ virtual_host }}" package_versions: "{{ packages_list.details }}" + test_case_var_log_messages: "{{ ha_cluster_config_snapshot | default('Cluster configuration snapshot unavailable') }}" - name: "Post Telemetry Data" ansible.builtin.include_tasks: "roles/misc/tasks/post-telemetry-data.yml" diff --git a/src/roles/ha_scs/tasks/files/constants.yaml b/src/roles/ha_scs/tasks/files/constants.yaml index 66745245..cbfdcf08 100644 --- a/src/roles/ha_scs/tasks/files/constants.yaml +++ b/src/roles/ha_scs/tasks/files/constants.yaml @@ -384,6 +384,31 @@ RESOURCE_DEFAULTS: value: ["0", "0s"] required: false + filesystem: + required: false + operations: + monitor: + interval: + value: ["20", "20s"] + required: false + timeout: + value: ["40", "40s"] + required: false + start: + interval: + value: ["0", "0s"] + required: false + timeout: + value: ["60", "60s"] + required: false + stop: + interval: + value: ["0", "0s"] + required: false + timeout: + value: ["60", "60s"] + required: false + REDHAT: fence_agent: instance_attributes: @@ -677,6 +702,30 @@ RESOURCE_DEFAULTS: value: ["10", "10s"] required: false + filesystem: + required: false + operations: + monitor: + interval: + value: ["20", "20s"] + required: false + timeout: + value: ["40", "40s"] + required: false + start: + interval: + value: ["0", "0s"] + required: false + timeout: + value: ["60", "60s"] + required: false + stop: + interval: + value: ["0", "0s"] + required: false + timeout: + value: ["120", "120s"] + required: false # === OS Parameters === # Run command as root. Format of command is: "parent_key child_key" diff --git a/src/roles/ha_scs/tasks/ha-config.yml b/src/roles/ha_scs/tasks/ha-config.yml index 3136f21b..cdfb0132 100644 --- a/src/roles/ha_scs/tasks/ha-config.yml +++ b/src/roles/ha_scs/tasks/ha-config.yml @@ -7,6 +7,37 @@ - name: "Test Setup Tasks" ansible.builtin.include_tasks: "roles/misc/tasks/test-case-setup.yml" +- name: "Capture cluster configuration snapshot" + become: true + ansible.builtin.shell: >- + set -o pipefail && {{ + commands + | selectattr('name', 'equalto', 'ha_cluster_config_dump') + | map(attribute=(ansible_os_family | upper)) + | list | first | default('') + }} + args: + executable: /bin/bash + register: ha_cluster_config_dump_result + changed_when: false + failed_when: false + +- name: "Prepare cluster configuration payload" + ansible.builtin.set_fact: + ha_cluster_config_snapshot: |- + Command: {{ + commands + | selectattr('name', 'equalto', 'ha_cluster_config_dump') + | map(attribute=(ansible_os_family | upper)) + | list | first | default('Not defined') + }} + --- + {{ + (ha_cluster_config_dump_result.stdout | default('')) + if (ha_cluster_config_dump_result.stdout is defined and (ha_cluster_config_dump_result.stdout | length > 0)) + else (ha_cluster_config_dump_result.stderr | default('No output captured.')) + }} + - name: "Pre Validations: Validate parameters for the SCS nodes" become: true become_user: root @@ -32,19 +63,19 @@ - name: "Set the test case status to PASSED" ansible.builtin.set_fact: - test_case_name: "{{ item.name }}: {{ virtual_host }}" test_case_status: "{{ test_result.status }}" test_case_message: "{{ test_result.message }}" test_case_details: "{{ test_result.details }}" test_case_hostname: "{{ virtual_host }}" + test_case_var_log_messages: "{{ ha_cluster_config_snapshot | default('Cluster configuration snapshot unavailable') }}" rescue: - name: "Test case failed" ansible.builtin.set_fact: - test_case_name: "{{ item.name }}: {{ virtual_host }}" test_case_status: "FAILED" test_case_details: "{{ test_result }}" test_case_message: "{{ ansible_failed_result }}" test_case_hostname: "{{ virtual_host }}" + test_case_var_log_messages: "{{ ha_cluster_config_snapshot | default('Cluster configuration snapshot unavailable') }}" - name: "Post Telemetry Data" ansible.builtin.include_tasks: "roles/misc/tasks/post-telemetry-data.yml" diff --git a/src/vars/input-api.yaml b/src/vars/input-api.yaml index b5ac4e81..965bf6d5 100644 --- a/src/vars/input-api.yaml +++ b/src/vars/input-api.yaml @@ -315,3 +315,7 @@ commands: - name: ascs_resource_unmigrate_cmd SUSE: "crm resource clear {{ cluster_status_pre.ascs_resource_id | default('rsc_sap_' ~ sap_sid ~ '_ASCS' ~ scs_instance_number) }}" REDHAT: "pcs resource clear {{ cluster_status_pre.ascs_resource_id | default('rsc_sap_' ~ sap_sid ~ '_ASCS' ~ scs_instance_number) }}" + + - name: ha_cluster_config_dump + SUSE: "crm config show" + REDHAT: "pcs config show" From 435387d25eca8aa63cf4cd7644af7eebfa8dbc68 Mon Sep 17 00:00:00 2001 From: devanshjain Date: Tue, 25 Nov 2025 22:37:18 +0000 Subject: [PATCH 2/6] Add WORKSPACES_DIR parameter to vars.yaml and update script references --- scripts/sap_automation_qa.sh | 23 ++++++++++++++++------- vars.yaml | 5 +++++ 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 89c4d555..cf9e5f52 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -178,6 +178,15 @@ validate_params() { log "ERROR" "Error: The following parameters cannot be empty: ${missing_params[*]}" exit 1 fi + + WORKSPACES_DIR=$(grep "^WORKSPACES_DIR:" "$VARS_FILE" | awk '{split($0,a,": "); print a[2]}' | xargs) + if [[ -z "$WORKSPACES_DIR" ]]; then + WORKSPACES_DIR="WORKSPACES" + log "INFO" "WORKSPACES_DIR not set in vars.yaml, using default: $WORKSPACES_DIR" + else + log "INFO" "WORKSPACES_DIR: $WORKSPACES_DIR" + fi + export WORKSPACES_DIR } # Extract the error message from a command's output. @@ -403,7 +412,7 @@ run_ansible_playbook() { command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $temp_file \ -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder' $extra_vars" else - local ssh_key_dir="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME" + local ssh_key_dir="${cmd_dir}/../$WORKSPACES_DIR/SYSTEM/$SYSTEM_CONFIG_NAME" local ssh_key="" local extensions=("ppk" "pem" "key" "private" "rsa" "ed25519" "ecdsa" "dsa" "") @@ -429,7 +438,7 @@ run_ansible_playbook() { fi check_file_exists "$ssh_key" \ - "SSH key file not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory. Looked for files with patterns: ssh_key.*, *ssh_key*" + "SSH key file not found in $WORKSPACES_DIR/SYSTEM/$SYSTEM_CONFIG_NAME directory. Looked for files with patterns: ssh_key.*, *ssh_key*" chmod 600 "$ssh_key" command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $ssh_key \ @@ -449,9 +458,9 @@ run_ansible_playbook() { --extra-vars 'ansible_ssh_pass=$(cat $temp_file)' --extra-vars @$VARS_FILE -e @$system_params \ -e '_workspace_directory=$system_config_folder' $extra_vars" else - local password_file="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password" + local password_file="${cmd_dir}/../$WORKSPACES_DIR/SYSTEM/$SYSTEM_CONFIG_NAME/password" check_file_exists "$password_file" \ - "password file not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." + "password file not found in $WORKSPACES_DIR/SYSTEM/$SYSTEM_CONFIG_NAME directory." command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \ --extra-vars 'ansible_ssh_pass=$(cat $password_file)' --extra-vars @$VARS_FILE -e @$system_params \ -e '_workspace_directory=$system_config_folder' $extra_vars" @@ -509,7 +518,7 @@ main() { validate_params # Check if the SYSTEM_HOSTS and SYSTEM_PARAMS directory exists inside WORKSPACES/SYSTEM folder - SYSTEM_CONFIG_FOLDER="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME" + SYSTEM_CONFIG_FOLDER="${cmd_dir}/../$WORKSPACES_DIR/SYSTEM/$SYSTEM_CONFIG_NAME" SYSTEM_HOSTS="$SYSTEM_CONFIG_FOLDER/hosts.yaml" SYSTEM_PARAMS="$SYSTEM_CONFIG_FOLDER/sap-parameters.yaml" TEST_TIER=$(echo "$TEST_TIER" | tr '[:upper:]' '[:lower:]') @@ -519,9 +528,9 @@ main() { log "INFO" "Using Authentication Type: $AUTHENTICATION_TYPE." check_file_exists "$SYSTEM_HOSTS" \ - "hosts.yaml not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." + "hosts.yaml not found in $WORKSPACES_DIR/SYSTEM/$SYSTEM_CONFIG_NAME directory." check_file_exists "$SYSTEM_PARAMS" \ - "sap-parameters.yaml not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." + "sap-parameters.yaml not found in $WORKSPACES_DIR/SYSTEM/$SYSTEM_CONFIG_NAME directory." if [[ "$OFFLINE_MODE" == "true" ]]; then local crm_report_dir="$SYSTEM_CONFIG_FOLDER/offline_validation" diff --git a/vars.yaml b/vars.yaml index c177c393..9d80d2db 100644 --- a/vars.yaml +++ b/vars.yaml @@ -15,6 +15,11 @@ SAP_FUNCTIONAL_TEST_TYPE: DatabaseHighAvailability # SAP System Configuration # String: Name of the SAP system configuration to be tested (Location: WORKSPACES/SYSTEM/DEV-WEEU-SAP01-X00 directory) SYSTEM_CONFIG_NAME: DEV-WEEU-SAP01-X00 + +# Workspaces Directory +# String: Directory containing the WORKSPACES (default: WORKSPACES) +WORKSPACES_DIR: WORKSPACES + # Choose the type of authentication you configured for a local account on the SAP VMs. # String: VMPASSWORD SSHKEY AUTHENTICATION_TYPE: SSHKEY From 5f97c0e95adeee806826aecd9f8cedbb4a64b8df Mon Sep 17 00:00:00 2001 From: devanshjain Date: Mon, 1 Dec 2025 23:16:12 +0000 Subject: [PATCH 3/6] Update workflows and dependencies for improved security and functionality --- .github/workflows/codeql.yml | 8 +++--- .github/workflows/dependency-review.yml | 2 +- .github/workflows/ossf-scoreboard.yml | 4 +-- .github/workflows/trivy.yml | 4 +-- requirements.txt | 38 ++++++++++++------------- tests/roles/ha_scs/ha_config_test.py | 10 +++++-- 6 files changed, 35 insertions(+), 31 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5a2e8a50..3be10050 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -43,17 +43,17 @@ jobs: egress-policy: audit - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Initialize CodeQL - uses: github/codeql-action/init@07bb2b932c90fc1ec97637495e4072a0966fa74c # v3.28.20 + uses: github/codeql-action/init@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@07bb2b932c90fc1ec97637495e4072a0966fa74c # v3.28.20 + uses: github/codeql-action/autobuild@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@07bb2b932c90fc1ec97637495e4072a0966fa74c # v3.28.20 + uses: github/codeql-action/analyze@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 1b495dbc..a4beee85 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -22,6 +22,6 @@ jobs: egress-policy: audit - name: 'Checkout Repository' - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: 'Dependency Review' uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 diff --git a/.github/workflows/ossf-scoreboard.yml b/.github/workflows/ossf-scoreboard.yml index ff5d14f7..4f88b472 100644 --- a/.github/workflows/ossf-scoreboard.yml +++ b/.github/workflows/ossf-scoreboard.yml @@ -31,7 +31,7 @@ jobs: egress-policy: audit - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false @@ -52,6 +52,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 + uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6 with: sarif_file: results.sarif diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 0ed1d400..83b353b3 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -23,7 +23,7 @@ jobs: egress-policy: audit - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Run Trivy vulnerability scanner (file system) uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0 @@ -36,7 +36,7 @@ jobs: output: report-fs.sarif - name: Upload Trivy report (fs) GitHub Security - uses: github/codeql-action/upload-sarif@07bb2b932c90fc1ec97637495e4072a0966fa74c # v3.28.20 + uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6 with: sarif_file: report-fs.sarif category: 'fs' diff --git a/requirements.txt b/requirements.txt index 010ddca4..6e24736b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,18 +4,18 @@ # # pip-compile requirements.in # -ansible-compat==25.8.2 +ansible-compat==25.11.0 # via ansible-lint ansible-core==2.17.14 # via # -r requirements.in # ansible-compat # ansible-lint -ansible-lint==25.9.2 +ansible-lint==25.11.1 # via -r requirements.in ansible-runner==2.4.2 # via -r requirements.in -astroid==4.0.1 +astroid==4.0.2 # via pylint attrs==25.4.0 # via @@ -33,35 +33,35 @@ azure-identity==1.25.1 # via # -r requirements.in # azure-kusto-data -azure-kusto-data==5.0.5 +azure-kusto-data==6.0.0 # via # -r requirements.in # azure-kusto-ingest -azure-kusto-ingest==5.0.5 +azure-kusto-ingest==6.0.0 # via -r requirements.in -azure-mgmt-compute==37.0.1 +azure-mgmt-compute==37.1.0 # via -r requirements.in azure-mgmt-core==1.6.0 # via # azure-mgmt-compute # azure-mgmt-network -azure-mgmt-network==30.0.0 +azure-mgmt-network==30.1.0 # via -r requirements.in -azure-storage-blob==12.23.0 +azure-storage-blob==12.26.0 # via # -r requirements.in # azure-kusto-ingest -azure-storage-queue==12.12.0 +azure-storage-queue==12.13.0 # via # -r requirements.in # azure-kusto-ingest -black==25.9.0 +black==25.11.0 # via # -r requirements.in # ansible-lint bracex==2.6 # via wcmatch -certifi==2025.10.5 +certifi==2025.11.12 # via # msrest # requests @@ -71,11 +71,11 @@ cffi==2.0.0 # cryptography charset-normalizer==3.4.4 # via requests -click==8.3.0 +click==8.3.1 # via # -r requirements.in # black -coverage[toml]==7.11.0 +coverage[toml]==7.12.0 # via # -r requirements.in # pytest-cov @@ -92,7 +92,7 @@ dill==0.4.0 # via pylint distro==1.9.0 # via ansible-lint -exceptiongroup==1.3.0 +exceptiongroup==1.3.1 # via pytest filelock==3.20.0 # via ansible-lint @@ -189,9 +189,9 @@ pyjwt[crypto]==2.10.1 # via # msal # pyjwt -pylint==4.0.2 +pylint==4.0.4 # via -r requirements.in -pytest==8.4.2 +pytest==9.0.1 # via # -r requirements.in # pytest-cov @@ -206,7 +206,7 @@ python-dateutil==2.9.0.post0 # via # azure-kusto-data # pandas -pytokens==0.2.0 +pytokens==0.3.0 # via black pytz==2025.2 # via pandas @@ -237,13 +237,13 @@ resolvelib==1.0.1 # via ansible-core rich==14.2.0 # via -r requirements.in -rpds-py==0.28.0 +rpds-py==0.30.0 # via # jsonschema # referencing ruamel-yaml==0.18.16 # via ansible-lint -ruamel-yaml-clib==0.2.14 +ruamel-yaml-clib==0.2.15 # via # ansible-lint # ruamel-yaml diff --git a/tests/roles/ha_scs/ha_config_test.py b/tests/roles/ha_scs/ha_config_test.py index 3cc0cedc..03560bad 100644 --- a/tests/roles/ha_scs/ha_config_test.py +++ b/tests/roles/ha_scs/ha_config_test.py @@ -45,6 +45,12 @@ def test_environment(self, ansible_inventory): :ytype: str """ + commands = [ + { + "name": "ha_cluster_config_dump", + "SUSE": "crm configure show", + } + ] temp_dir = self.setup_test_environment( role_type="ha_scs", ansible_inventory=ansible_inventory, @@ -58,9 +64,7 @@ def test_environment(self, ansible_inventory): "bin/crm_resource", "bin/crm", ], - extra_vars_override={ - "node_tier": "scs", - }, + extra_vars_override={"node_tier": "scs", "commands": commands}, ) os.makedirs(f"{temp_dir}/project/roles/ha_scs/tasks/files", exist_ok=True) From 72f71b0c55c5f209103bd833e99658985ec6ae83 Mon Sep 17 00:00:00 2001 From: devanshjain Date: Wed, 3 Dec 2025 23:19:28 +0000 Subject: [PATCH 4/6] Update actions/checkout to version 6.0.1 across workflow files --- .github/workflows/codeql.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/github-actions-ansible-lint.yml | 2 +- .github/workflows/github-actions-code-coverage.yml | 2 +- .github/workflows/ossf-scoreboard.yml | 2 +- .github/workflows/trivy.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 3be10050..84672dae 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -43,7 +43,7 @@ jobs: egress-policy: audit - name: Checkout repository - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Initialize CodeQL uses: github/codeql-action/init@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index a4beee85..1af7e8a7 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -22,6 +22,6 @@ jobs: egress-policy: audit - name: 'Checkout Repository' - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: 'Dependency Review' uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 diff --git a/.github/workflows/github-actions-ansible-lint.yml b/.github/workflows/github-actions-ansible-lint.yml index b2fe8a73..a9785339 100644 --- a/.github/workflows/github-actions-ansible-lint.yml +++ b/.github/workflows/github-actions-ansible-lint.yml @@ -14,7 +14,7 @@ jobs: egress-policy: audit - name: Checkout the code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup Python uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 #v5.4.0 diff --git a/.github/workflows/github-actions-code-coverage.yml b/.github/workflows/github-actions-code-coverage.yml index ebc7c601..14575ea3 100644 --- a/.github/workflows/github-actions-code-coverage.yml +++ b/.github/workflows/github-actions-code-coverage.yml @@ -14,7 +14,7 @@ jobs: egress-policy: audit - name: Checkout the code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 - name: Setup Python uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 #v5.4.0 diff --git a/.github/workflows/ossf-scoreboard.yml b/.github/workflows/ossf-scoreboard.yml index 4f88b472..7518318f 100644 --- a/.github/workflows/ossf-scoreboard.yml +++ b/.github/workflows/ossf-scoreboard.yml @@ -31,7 +31,7 @@ jobs: egress-policy: audit - name: "Checkout code" - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 83b353b3..75fb8e71 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -23,7 +23,7 @@ jobs: egress-policy: audit - name: Checkout code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run Trivy vulnerability scanner (file system) uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0 From fe926b449cdb61a5ce9525ee14b249c42e93a16f Mon Sep 17 00:00:00 2001 From: devanshjain Date: Mon, 8 Dec 2025 18:16:28 +0000 Subject: [PATCH 5/6] Update dependencies in requirements.txt for compatibility and security --- requirements.txt | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/requirements.txt b/requirements.txt index 6e24736b..3c39a97e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,16 +2,16 @@ # This file is autogenerated by pip-compile with Python 3.10 # by the following command: # -# pip-compile requirements.in +# pip-compile ./requirements.in # -ansible-compat==25.11.0 +ansible-compat==25.12.0 # via ansible-lint ansible-core==2.17.14 # via # -r requirements.in # ansible-compat # ansible-lint -ansible-lint==25.11.1 +ansible-lint==25.12.0 # via -r requirements.in ansible-runner==2.4.2 # via -r requirements.in @@ -55,7 +55,7 @@ azure-storage-queue==12.13.0 # via # -r requirements.in # azure-kusto-ingest -black==25.11.0 +black==25.12.0 # via # -r requirements.in # ansible-lint @@ -75,7 +75,7 @@ click==8.3.1 # via # -r requirements.in # black -coverage[toml]==7.12.0 +coverage[toml]==7.13.0 # via # -r requirements.in # pytest-cov @@ -100,8 +100,6 @@ idna==3.11 # via requests ijson==3.4.0.post0 # via azure-kusto-data -importlib-metadata==8.7.0 - # via ansible-lint iniconfig==2.3.0 # via pytest isodate==0.7.2 @@ -169,7 +167,7 @@ pathspec==0.12.1 # yamllint pexpect==4.9.0 # via ansible-runner -platformdirs==4.5.0 +platformdirs==4.5.1 # via # black # pylint @@ -191,7 +189,7 @@ pyjwt[crypto]==2.10.1 # pyjwt pylint==4.0.4 # via -r requirements.in -pytest==9.0.1 +pytest==9.0.2 # via # -r requirements.in # pytest-cov @@ -278,11 +276,9 @@ typing-extensions==4.15.0 # referencing tzdata==2025.2 # via pandas -urllib3==2.5.0 +urllib3==2.6.1 # via requests wcmatch==10.1 # via ansible-lint yamllint==1.37.1 # via ansible-lint -zipp==3.23.0 - # via importlib-metadata From f6379888d9e13738aff2c7764405364ce7ca5da0 Mon Sep 17 00:00:00 2001 From: devanshjain Date: Mon, 8 Dec 2025 18:38:24 +0000 Subject: [PATCH 6/6] Bump version to 1.0.1 and update changelog with release details --- VERSION | 2 +- docs/CHANGELOG.md | 5 +++++ src/modules/configuration_check_module.py | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index afaf360d..7f207341 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.0.0 \ No newline at end of file +1.0.1 \ No newline at end of file diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 79d3cfda..7121a5e5 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -2,6 +2,11 @@ All notable changes to this project will be documented in this file. +## 1.0.1 +Release Date: 12-09-2025 +1. CI/CD Workflow Upgrades: +2. HA constants, validation logic updates and validation enhancements +3. SAP Automation Script Improvements ## 1.0.0 Release Date: 11-04-2025 diff --git a/src/modules/configuration_check_module.py b/src/modules/configuration_check_module.py index c24bacf2..dda1506d 100644 --- a/src/modules/configuration_check_module.py +++ b/src/modules/configuration_check_module.py @@ -997,7 +997,7 @@ def run(self): "duration_seconds": execution_duration, "total_checks_attempted": len(self.checks), "checks_completed": len(result.get("check_results", [])), - "python_module_version": "1.0.0", + "python_module_version": "1.0.1", "execution_mode": ( "parallel" if self.module_params.get("parallel_execution", False)