saltext.sap_nwabap._states.sap_nwabap#
SaltStack extension for SAP NetWeaver Copyright (C) 2022 SAP UCC Magdeburg
SAP NetWeaver AS ABAP state module#
SaltStack module that implements SAP NetWeaver states based on the SAP NetWeaver RFC SDK.
- codeauthor
Benjamin Wegener, Alexander Wilke
- maturity
new
- depends
pyrfc
- platform
All
This module implements states for SAP NetWeaver utilizing the SAP NetWeaver RFC SDK and the
python wrapper pyrfc
. The states uses SAP function modules to read the current state
of the system and write new information back.
Warning
Not all function modules are supported by SAP, meaning that the can be removed by SAP at any time or in case of errors, they might not be fixed.
- saltext.sap_nwabap._states.sap_nwabap.__virtual__()[source]#
Only load this module if all libraries are available.
- saltext.sap_nwabap._states.sap_nwabap.icm_notified(name, sid, client, message_server_host, message_server_port, logon_group, username, password, invalidate_cache=True, reset_ni_buffer=True)[source]#
Notify the ICM that a PSE has changed and refresh caches if required
- name:
Name of the PSE file, e.g.
SAPSSLS.pse
.- sid
SID of the SAP system.
- message_server_host
Host of the message server.
- message_server_port
Port of the message server.
- client
Client to connect to.
- logon_group
Logon group to use.
- username
Username to use for the connection.
- password
Password to use for the connection.
- invalidate_cache
Boolean if the ICM cache should be invalidated, default is
True
.- reset_ni_buffer
Boolean if the network interface buffer should be reset, default is
True
.
Note
If the
SAP_BASIS
release of the system is <= 701, you need to restart the ICM.Example:
ICM on S4H is notified on changes to SSLS PSEs: sap_nwabap.icm_notified: - name: SAPSSLS.pse - invalidate_cache: True - reset_ni_buffer: True - sid: S4H - client: "000" - message_server_host: s4h - message_server_port: 3600 - logon_group: SPACE - username: SALT - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
- saltext.sap_nwabap._states.sap_nwabap.icm_restarted(name, sid, client, message_server_host, message_server_port, logon_group, username, password, restart_mode='soft')[source]#
Ensure that the ICM is restarted
- name:
An arbitrary string.
- sid
SID of the SAP system.
- message_server_host
Host of the message server.
- message_server_port
Port of the message server.
- client
Client to connect to.
- logon_group
Logon group to use.
- username
Username to use for the connection.
- password
Password to use for the connection.
- restart_mode
Restart mode, either
soft
orhard
, default issoft
.
Example:
ICM on S4H is restarted on changes to SSLS PSEs: sap_nwabap.icm_restarted: - name: ICM restarted - sid: S4H - client: "000" - message_server_host: s4h - message_server_port: 3600 - logon_group: SPACE - username: SALT - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT") - restart_mode: hard
- saltext.sap_nwabap._states.sap_nwabap.user_present(name, sid, client, message_server_host, message_server_port, logon_group, username, password, user_password=None, attributes=None, roles=None, profiles=None, unlock_user=True, **kwargs)[source]#
Ensures that a user is present in the SAP system.
- name
Username.
- sid
SID of the SAP system.
- message_server_host
Host of the message server.
- message_server_port
Port of the message server.
- client
Client to connect to.
- logon_group
Logon group to use.
- username
Username to use for the connection.
- password
Password to use for the connection.
- user_password
Password for the user. If None, no one will be set.
- attributes
All attributes of the user object as a dictionary (see below).
- roles
List of roles to assign to the user; list of dictionaries:
- name: <role name> valid_from: <date string> # default is today valid_to: <date string> # default 31-12-9999 - name: Z_MY_ROLE_1 - name: Z_MY_ROLE_2 valid_from: 30-11-2000 valid_to: 99991231
- profiles
List of profiles to assign to the user (list of strings).
- unlock_user
True|False
if the user should be unlocked, default isTrue
.
The dictionary provided over
attributes
must look like the following. Alternativly, the SAP struct names (see constantUSER_MAPPING
) can be used. Both upper- and lowercase are supported.address_data: address_number: <value> address_notes: <value> birth_name: <value> building_code_long: <value> building_code: <value> building_code_p: <value> co_name: <value> city_file_status: <value> city: <value> city_code: <value> communication_method: <value> country_key: <value> country_key_iso: <value> county: <value> county_code: <value> delivery_service_number: <value> delivery_service_type: <value> post_delivery_district: <value> department: <value> district_code: <value> district: <value> po_box_address: <value> street_address: <value> email: <value> fax_number_extension: <value> fax_number: <value> first_name: <value> building_floor: <value> building_floor_p: <value> full_name: <value> full_name_status: <value> function: <value> home_city: <value> home_city_code: <value> house_number: <value> house_number_supplement: <value> house_numer_range: <value> postal_code_internal: <value> initials: <value> short_name: <value> language_key: <value> language_record_creation: <value> language_key_sap: <value> language_key_p: <value> language_key_sap_cp: <value> language_key_sap_p: <value> last_name: <value> location: <value> middle_name: <value> name_country_format_rule: <value> name: <value> name_2: <value> name_3: <value> name_4: <value> name_format: <value> nickname: <value> po_box_city_code: <value> postal_code_extension_1: <value> postal_code_extension_2: <value> postal_code_extension_3: <value> person_number: <value> po_box: <value> po_box_city: <value> po_box_lobby: <value> po_box_region: <value> po_country_iso: <value> po_box_no_number_flag: <value> po_box_country: <value> postal_code: <value> po_postal_code: <value> company_postal_code: <value> name_prefix_1: <value> name_prefix_2: <value> regional_structure_grouping: <value> region: <value> apartment_number: <value> apartment_number_p: <value> second_name: <value> search_term_1: <value> search_term_1_p: <value> search_term_2: <value> search_term_2_p: <value> street_abbreviation: <value> street_supplement_1: <value> street_supplement_2: <value> street_supplement_3: <value> street: <value> street_number: <value> tax_jurisdiction: <value> tel_number_extension: <value> tel_number: <value> address_time_zone: <value> title_text: <value> academic_title_1: <value> academic_title_2: <value> title_p: <value> name_supplement: <value> township: <value> township_code: <value> transpzone: <value> business_purpose_flag: <value> username_alias: useralias: <value> cua_redistribution: <value> company: company_address: <value> user_defaults: catt_test_status: <value> date_format: <value> decimal_format: <value> user_defaults: <value> cost_center: <value> logon_language: <value> print_param_3: <value> print_param_2: <value> spool_output_device: <value> print_param_1: <value> start_menu: <value> start_menu_old: <value> time_format: <value> description: tech_user_account_responsible: <value> techdesc: <value> external_id_change_indicator: external_id: <value> logon_data: account_id: <value> pwd_hash_key: <value> user_group: <value> pwd_hash_code_version_c: <value> pwd_hash_version: <value> pwd_hash_code_version_s: <value> user_valid_to: <value> user_valid_from: <value> last_logon_time: <value> pwd_hash_value_sha1: <value> pwd_hash_value: <value> security_policy: <value> time_zone: <value> user_type: <value> reference_user: reference_username: <value> snc: snc_allow_pw_logon: <value> snc_printable_name: <value> user_classification: chargable_user: <value> client: <value> country_surcharge: <value> license_type: <value> user_class_special_version: <value> substitute_from: <value> substitute_until: <value> system_id: <value> user_classification: <value>
Warning
This state will not check if the inputs in terms of user data are valid!
Example:
Technical user SALT for SAP system S4H / client 000 is present: sap_nwabap.user_present: - name: SALT - sid: S4H - client: "000" - message_server_host: s4h - message_server_port: 3600 - logon_group: SPACE - username: DDIC - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="DDIC") - user_password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT") - attributes: logon_data: user_type: B user_valid_to: "99991231" address_data: first_name: SALT_SERVICE_USER last_name: SALT_SERVICE_USER - roles: - name: Z_SALT_ROLE valid_to: 99991231 - profiles: - SAP_ALL - unlock_user: True
- saltext.sap_nwabap._states.sap_nwabap.user_absent(name, sid, client, message_server_host, message_server_port, logon_group, username, password, **kwargs)[source]#
Ensure that a user is absent in the system.
- name
Username.
- sid
SID of the SAP system.
- message_server_host
Host of the message server.
- message_server_port
Port of the message server.
- client
Client to connect to.
- logon_group
Logon group to use.
- username
Username to use for the connection.
- password
Password to use for the connection.
Example:
Technical user SALT for SAP system S4H / client 000 is absent: sap_nwabap.user_absent: - name: SALT - sid: S4H - client: "000" - message_server_host: s4h - message_server_port: 3600 - logon_group: SPACE - username: DDIC - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="DDIC")
- saltext.sap_nwabap._states.sap_nwabap.user_password_productive(name, sid, client, message_server_host, message_server_port, logon_group, username, password, user_password, **kwargs)[source]#
Ensure that the given password is set as productive for the user
- name
Username.
- sid
SID of the SAP system.
- message_server_host
Host of the message server.
- message_server_port
Port of the message server.
- client
Client to connect to.
- logon_group
Logon group to use.
- username
Username to use for the connection.
- password
Password to use for the connection.
- user_password
Password for the user.
Example:
Password for user MMUSTERMANN is productive: sap_nwabap.user_absent: - name: MMUSTERMANN - sid: S4H - client: "000" - message_server_host: s4h - message_server_port: 3600 - logon_group: SPACE - username: SALT - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT") - user_password: Abcd1234!
- saltext.sap_nwabap._states.sap_nwabap.pse_uploaded(name, sid, client, message_server_host, message_server_port, logon_group, username, password, pse_owner, pin=None, pse_type=None, context=None, applic=None, pse_name=None, **kwargs)[source]#
Ensures that a PSE is uploaded to the SAP system. Before the upload takes place, the PSE on the filesystem and the PSE in STRUST will be compared.
- name
Filepath of the PSE Filepath
- pin
PIN of the PSE file, default is
None
.- pse_owner
Owner of the PSE file.
- pse_type
PSE type, either
SSLS
,SSLC
,SSLA
orNone
. IfNone
(default), the argumentscontext
andapplic
must be set.- context
See function module
SSFPSE_FILENAME
for possible values.- applic
See function module
SSFPSE_FILENAME
for possible values.- pse_name
Name for the PSE resulting from
context
andapplic
.- sid
SID of the SAP system.
- message_server_host
Host of the message server.
- message_server_port
Port of the message server.
- client
Client to connect to.
- logon_group
Logon group to use.
- username
Username to use for the connection.
- password
Password to use for the connection.
Warning
This function module does not correctly set the PIN for the ASCS instance PSE after upload, leaving the system in an inconsistent state. SAP will not fix this issue (function module is not released to customer), so DO NOT use this function module if you have PIN-protected PSE files. Note that there are currently no remote-enabled function modules to set PSE PINs in STRUST.
Example:
SAP NetWeaver AS ABAP S4H SSLS PSE is uploaded: sap_nwabap.pse_uploaded: - name: /usr/sap/S4H/SYS/sec/SAPSSLS.pse - pse_owner: s4hadm - pse_type: SSLS - sid: S4H - client: "000" - message_server_host: s4h - message_server_port: 3600 - logon_group: SPACE - username: SALT - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT") - user_password: Abcd1234!
- saltext.sap_nwabap._states.sap_nwabap.rfc_dest_present(name, sid, client, message_server_host, message_server_port, logon_group, username, password, dest_type=None, dest_password=None, keep_password=True, keep_proxy_password=True, **kwargs)[source]#
Ensures that an RFC destination is present in the SAP system.
- name
Name of the RFC destination.
- sid
SID of the SAP system.
- message_server_host
Host of the message server.
- message_server_port
Port of the message server.
- client
Client to connect to.
- logon_group
Logon group to use.
- username
Username to use for the connection.
- password
Password to use for the connection.
- dest_type
Type of the destination, required for creation. Can be one of:
H
,G
,L
,3
,T
- dest_password
Password to set for the connection.
- keep_password
<True|False>
if the password should be kept on update (if no explicit password is given).- keep_proxy_password
<True|False>
if the proxy password should be kept on update (if no explicit password is given).
Next to these arguments, additional kwargs can be used to set attributes in the RFC destination. The following kwargs are recognized and can be used in upper- and lowercase, depending on the RFC destination type:
accept_cookie: <value> arfc_active: <value> arfc_cycle: <value> arfc_method: <value> assertion_ticket: <value> assertion_ticket_client: <value> assertion_ticket_sysid: <value> authorization_parameter: <value> basxml_active: <value> callback_whitelist: <value> callback_whitelist_active: <value> category: <value> client_codepage_active: <value> compress_reply: <value> conversion_bytes: <value> conversion_mode: <value> cpic_timeout: <value> description: <value> enable_trace: <value> explicit_codepage: <value> explicit_codepage_active: <value> export_trace: <value> gateway_host: <value> gateway_service: <value> group_name: <value> http_compress: <value> http_timeout: <value> http_version: <value> keep_password: <value> keep_proxy_password: <value> keepalive_timeout: <value> language_codepage_active: <value> load_balancing: <value> logon_client: <value> logon_language: <value> logon_method: <value> logon_user: <value> logon_user_254: logon_user_254, mdmp_list: <value> mdmp_settings_active: <value> method: <value> name: <value> path_prefix: <value> program: <value> proxy_server: <value> proxy_service_number: <value> proxy_user: <value> qrfc_version: <value> reference: <value> rfc_bitmap: <value> rfc_wan: <value> rfclogon_gui: <value> same_user: <value> save_as_hostname: <value> server_name: <value> service_number: <value> snc_active: <value> snc_parameter: <value> ssl_active: <value> ssl_application: <value> sso_ticket: <value> start_type: <value> system_identifier: <value> system_number: <value> trace_settings: <value> trfc_bg_delay: <value> trfc_bg_repetitions: <value> trfc_bg_supress: <value> trusted_system: <value> ui_lock: <value> unicode_bytes: <value> update_all: <value> update_fields: <value>
Example:
SM_SOLCLNT100_BACK is adapted for SAP NetWeaver AS ABAP system S4H: sap_nwabap.rfc_dest_present: - name: SM_SOLCLNT100_BACK - sid: S4H - client: "000" - message_server_host: s4h - message_server_port: 3600 - logon_group: SPACE - username: SALT - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT") - dest_type: 3 - server_name: /H/saprouter.my.domain.de/S/3299/H/sol
- saltext.sap_nwabap._states.sap_nwabap.rfc_dest_absent(name, sid, client, message_server_host, message_server_port, logon_group, username, password, **kwargs)[source]#
Ensures that an RFC destination is absent in the SAP system.
- name
Name of the RFC destination.
- sid
SID of the SAP system.
- message_server_host
Host of the message server.
- message_server_port
Port of the message server.
- client
Client to connect to.
- logon_group
Logon group to use.
- username
Username to use for the connection.
- password
Password to use for the connection.
Example:
SM_SOLCLNT100_BACK is absent from SAP NetWeaver AS ABAP system S4H: sap_nwabap.rfc_dest_absent: - name: SM_SOLCLNT100_BACK - sid: S4H - client: "000" - message_server_host: s4h - message_server_port: 3600 - logon_group: SPACE - username: SALT - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
- saltext.sap_nwabap._states.sap_nwabap.sld_config_present(name, sid, client, message_server_host, message_server_port, logon_group, username, password, **kwargs)[source]#
Ensure that an SLD configuration is present in the system.
- name
Name of the SLD RFC destination.
- sid
SID of the SAP system.
- message_server_host
Host of the message server.
- message_server_port
Port of the message server.
- client
Client to connect to.
- logon_group
Logon group to use.
- username
Username to use for the connection.
- password
Password to use for the connection.
Example:
SLD config is present on S4H: sap_nwabap.sld_config_present: - name: SLD_DS_TARGET - sid: S4H - client: "000" - message_server_host: s4h - message_server_port: 3600 - logon_group: SPACE - username: SALT - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
- saltext.sap_nwabap._states.sap_nwabap.sld_data_transfered(name, sid, client, message_server_host, message_server_port, logon_group, username, password, **kwargs)[source]#
Runs the report RSLDAGDS that triggers the SLD data transfer.
- name
Name of the SLD RFC destination.
- sid
SID of the SAP system.
- message_server_host
Host of the message server.
- message_server_port
Port of the message server.
- client
Client to connect to.
- logon_group
Logon group to use.
- username
Username to use for the connection.
- password
Password to use for the connection.
Note
This state will always produce changes.
Example:
SLD data is transfered for S4H: sap_nwabap.sld_data_transfered: - name: SLD_DS_TARGET - sid: S4H - client: "000" - message_server_host: s4h - message_server_port: 3600 - logon_group: SPACE - username: SALT - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
- saltext.sap_nwabap._states.sap_nwabap.job_present(name, jobclass, header, steps, sid, client, message_server_host, message_server_port, logon_group, username, password, **kwargs)[source]#
Ensure that a job is present in the SAP system.
- name
Name of the job.
- jobclass
Class of the job, on of:
A
,B
,C
- header
Header of the job.
- steps
List of job steps.
- sid
SID of the SAP system.
- message_server_host
Host of the message server.
- message_server_port
Port of the message server.
- client
Client to connect to.
- logon_group
Logon group to use.
- username
Username to use for the connection.
- password
Password to use for the connection.
The dictionary provided over
header
must look like the SAP struct names or human readable names for job headers (see constantJOB_HEADER_MAPPING
):# Attribute Name
SAP Field
Description
planned_start_date
SDLSTRTDT
Planned start date for background job
planned_start_time
SDLSTRTTM
Planned start time for background job
last_start_date
LASTSTRTDT
Latest execution date for a background job
last_start_time
LASTSTRTTM
Latest execution time for background job
predecessor_job_name
PREDJOB
Name of previous job
predecessor_job_id
PREDJOBCNT
Job ID
job_status_check
CHECKSTAT
Job status check indicator for subsequent job start
event_id
EVENTID
Background processing event
event_param
EVENTPARM
Background event parameters (such as jobname/jobcount)
duration_min
PRDMINS
Duration period (in minutes) for a batch job
duration_hours
PRDHOURS
Duration period (in hours) for a batch job
duration_days
PRDDAYS
Duration (in days) of dba action
duration_weeks
PRDWEEKS
Duration period (in weeks) for a batch job
duration_months
PRDMONTHS
Duration period (in months) for a batch job
periodic
PERIODIC
Periodic jobs indicator
calendar_id
CALENDARID
Factory calendar id for background processing
can_start_immediately
IMSTRTPOS
Flag indicating whether job can be started immediately
periodic_behavior
PRDBEHAV
Period behavior of jobs on non-workdays
workday_number
WDAYNO
No. of workday on which a job is to start
workday_count_direction
WDAYCDIR
Count direction for ‘on workday’ start date of a job
not_run_before
NOTBEFORE
Planned start date for background job
operation_mode
OPMODE
Name of operation mode
logical_system
LOGSYS
Logical system
object_type
OBJTYPE
Object type
object_key
OBJKEY
Object key
describe_flag
DESCRIBE
Describe flag
target_server
TSERVER
Server name
target_host
THOST
Target system to run background job
target_server_group
TSRVGRP
Server group name background processing
The element of the list provided over
steps
must look like the SAP struct names or human readable names for job steps (see constantJOB_STEPS_MAPPING
):# Attribute Name
SAP Field
Description
program_name
ABAP_PROGRAM_NAME
ABAP program name
program_variant
ABAP_VARIANT_NAME
ABAP variant name
username
SAP_USER_NAME
SAP user name for authorization check
language
LANGUAGE
Language for list output
Note
This currently only supports ABAP job steps.
Example:
SLD job SAP_SLD_DATA_COLLECT is present on S4H: sap_nwabap.job_present: - name: SAP_SLD_DATA_COLLECT - jobclass: C - header: EVENTID: SAP_SYSTEM_START - steps: - ABAP_PROGRAM_NAME: RSLDAGDS - sid: S4H - client: "000" - message_server_host: s4h - message_server_port: 3600 - logon_group: SPACE - username: SALT - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
- saltext.sap_nwabap._states.sap_nwabap.job_absent(name, sid, client, message_server_host, message_server_port, logon_group, username, password, **kwargs)[source]#
Ensure that a job is absent in the system.
- name
Name of the job.
- sid
SID of the SAP system.
- message_server_host
Host of the message server.
- message_server_port
Port of the message server.
- client
Client to connect to.
- logon_group
Logon group to use.
- username
Username to use for the connection.
- password
Password to use for the connection.
Example:
SLD job SAP_SLD_DATA_COLLECT is absent on S4H: sap_nwabap.job_present: - name: SAP_SLD_DATA_COLLECT - sid: S4H - client: "000" - message_server_host: s4h - message_server_port: 3600 - logon_group: SPACE - username: SALT - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
- saltext.sap_nwabap._states.sap_nwabap.system_health_ok(name, check_from, client, message_server_host, message_server_port, logon_group, username, password, max_allowed_dumps=0, **kwargs)[source]#
- Check the system health by checking:
Transaction
SICK
Short Dumps
- name
SID of the SAP system.
- check_from
- Date from which on the system health should be checked (e.g. for log entries)
in the format
DDMMYYYY
, e.g.31129999
or01012000
.
- max_allowed_dumps
Maximum number of allowed short dumps (default: 0).
- message_server_host
Host of the message server.
- message_server_port
Port of the message server.
- client
Client to connect to.
- logon_group
Logon group to use.
- username
Username to use for the connection.
- password
Password to use for the connection.
Example:
System healh is OK for SAP NetWeaver AS ABAP system S4H (ST22 / SICK): sap_nwabap.system_health_ok: - name: S4H - check_from: {{ None | strftime("%d%m%Y") }} {# renders to current date, e.g. 31082022 #} - client: "000" - message_server_host: s4h - message_server_port: 3600 - logon_group: SPACE - username: SALT - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
Note
This function does not implement
__opts__["test"]
since no data is changed.