saltext.sap_nwabap._states.sap_nwabap#

SaltStack extension for SAP NetWeaver Copyright (C) 2022 SAP UCC Magdeburg

SAP NetWeaver AS ABAP state module#

SaltStack module that implements SAP NetWeaver states based on the SAP NetWeaver RFC SDK.

codeauthor

Benjamin Wegener, Alexander Wilke

maturity

new

depends

pyrfc

platform

All

This module implements states for SAP NetWeaver utilizing the SAP NetWeaver RFC SDK and the python wrapper pyrfc. The states uses SAP function modules to read the current state of the system and write new information back.

Warning

Not all function modules are supported by SAP, meaning that the can be removed by SAP at any time or in case of errors, they might not be fixed.

saltext.sap_nwabap._states.sap_nwabap.__virtual__()[source]#

Only load this module if all libraries are available.

saltext.sap_nwabap._states.sap_nwabap.icm_notified(name, sid, client, message_server_host, message_server_port, logon_group, username, password, invalidate_cache=True, reset_ni_buffer=True)[source]#

Notify the ICM that a PSE has changed and refresh caches if required

name:

Name of the PSE file, e.g. SAPSSLS.pse.

sid

SID of the SAP system.

message_server_host

Host of the message server.

message_server_port

Port of the message server.

client

Client to connect to.

logon_group

Logon group to use.

username

Username to use for the connection.

password

Password to use for the connection.

invalidate_cache

Boolean if the ICM cache should be invalidated, default is True.

reset_ni_buffer

Boolean if the network interface buffer should be reset, default is True.

Note

If the SAP_BASIS release of the system is <= 701, you need to restart the ICM.

Example:

ICM on S4H is notified on changes to SSLS PSEs:
  sap_nwabap.icm_notified:
    - name: SAPSSLS.pse
    - invalidate_cache: True
    - reset_ni_buffer: True
    - sid: S4H
    - client: "000"
    - message_server_host: s4h
    - message_server_port: 3600
    - logon_group: SPACE
    - username: SALT
    - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
saltext.sap_nwabap._states.sap_nwabap.icm_restarted(name, sid, client, message_server_host, message_server_port, logon_group, username, password, restart_mode='soft')[source]#

Ensure that the ICM is restarted

name:

An arbitrary string.

sid

SID of the SAP system.

message_server_host

Host of the message server.

message_server_port

Port of the message server.

client

Client to connect to.

logon_group

Logon group to use.

username

Username to use for the connection.

password

Password to use for the connection.

restart_mode

Restart mode, either soft or hard, default is soft.

Example:

ICM on S4H is restarted on changes to SSLS PSEs:
  sap_nwabap.icm_restarted:
    - name: ICM restarted
    - sid: S4H
    - client: "000"
    - message_server_host: s4h
    - message_server_port: 3600
    - logon_group: SPACE
    - username: SALT
    - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
    - restart_mode: hard
saltext.sap_nwabap._states.sap_nwabap.user_present(name, sid, client, message_server_host, message_server_port, logon_group, username, password, user_password=None, attributes=None, roles=None, profiles=None, unlock_user=True, **kwargs)[source]#

Ensures that a user is present in the SAP system.

name

Username.

sid

SID of the SAP system.

message_server_host

Host of the message server.

message_server_port

Port of the message server.

client

Client to connect to.

logon_group

Logon group to use.

username

Username to use for the connection.

password

Password to use for the connection.

user_password

Password for the user. If None, no one will be set.

attributes

All attributes of the user object as a dictionary (see below).

roles

List of roles to assign to the user; list of dictionaries:

- name: <role name>
  valid_from: <date string>  # default is today
  valid_to: <date string>    # default 31-12-9999
- name: Z_MY_ROLE_1
- name: Z_MY_ROLE_2
  valid_from: 30-11-2000
  valid_to: 99991231
profiles

List of profiles to assign to the user (list of strings).

unlock_user

True|False if the user should be unlocked, default is True.

The dictionary provided over attributes must look like the following. Alternativly, the SAP struct names (see constant USER_MAPPING) can be used. Both upper- and lowercase are supported.

address_data:
  address_number: <value>
  address_notes: <value>
  birth_name: <value>
  building_code_long: <value>
  building_code: <value>
  building_code_p: <value>
  co_name: <value>
  city_file_status: <value>
  city: <value>
  city_code: <value>
  communication_method: <value>
  country_key: <value>
  country_key_iso: <value>
  county: <value>
  county_code: <value>
  delivery_service_number: <value>
  delivery_service_type: <value>
  post_delivery_district: <value>
  department: <value>
  district_code: <value>
  district: <value>
  po_box_address: <value>
  street_address: <value>
  email: <value>
  fax_number_extension: <value>
  fax_number: <value>
  first_name: <value>
  building_floor: <value>
  building_floor_p: <value>
  full_name: <value>
  full_name_status: <value>
  function: <value>
  home_city: <value>
  home_city_code: <value>
  house_number: <value>
  house_number_supplement: <value>
  house_numer_range: <value>
  postal_code_internal: <value>
  initials: <value>
  short_name: <value>
  language_key: <value>
  language_record_creation: <value>
  language_key_sap: <value>
  language_key_p: <value>
  language_key_sap_cp: <value>
  language_key_sap_p: <value>
  last_name: <value>
  location: <value>
  middle_name: <value>
  name_country_format_rule: <value>
  name: <value>
  name_2: <value>
  name_3: <value>
  name_4: <value>
  name_format: <value>
  nickname: <value>
  po_box_city_code: <value>
  postal_code_extension_1: <value>
  postal_code_extension_2: <value>
  postal_code_extension_3: <value>
  person_number: <value>
  po_box: <value>
  po_box_city: <value>
  po_box_lobby: <value>
  po_box_region: <value>
  po_country_iso: <value>
  po_box_no_number_flag: <value>
  po_box_country: <value>
  postal_code: <value>
  po_postal_code: <value>
  company_postal_code: <value>
  name_prefix_1: <value>
  name_prefix_2: <value>
  regional_structure_grouping: <value>
  region: <value>
  apartment_number: <value>
  apartment_number_p: <value>
  second_name: <value>
  search_term_1: <value>
  search_term_1_p: <value>
  search_term_2: <value>
  search_term_2_p: <value>
  street_abbreviation: <value>
  street_supplement_1: <value>
  street_supplement_2: <value>
  street_supplement_3: <value>
  street: <value>
  street_number: <value>
  tax_jurisdiction: <value>
  tel_number_extension: <value>
  tel_number: <value>
  address_time_zone: <value>
  title_text: <value>
  academic_title_1: <value>
  academic_title_2: <value>
  title_p: <value>
  name_supplement: <value>
  township: <value>
  township_code: <value>
  transpzone: <value>
  business_purpose_flag: <value>
username_alias:
  useralias: <value>
cua_redistribution: <value>
company:
  company_address: <value>
user_defaults:
  catt_test_status: <value>
  date_format: <value>
  decimal_format: <value>
  user_defaults: <value>
  cost_center: <value>
  logon_language: <value>
  print_param_3: <value>
  print_param_2: <value>
  spool_output_device: <value>
  print_param_1: <value>
  start_menu: <value>
  start_menu_old: <value>
  time_format: <value>
  description:
    tech_user_account_responsible: <value>
    techdesc: <value>
external_id_change_indicator:
  external_id: <value>
logon_data:
  account_id: <value>
  pwd_hash_key: <value>
  user_group: <value>
  pwd_hash_code_version_c: <value>
  pwd_hash_version: <value>
  pwd_hash_code_version_s: <value>
  user_valid_to: <value>
  user_valid_from: <value>
  last_logon_time: <value>
  pwd_hash_value_sha1: <value>
  pwd_hash_value: <value>
  security_policy: <value>
  time_zone: <value>
  user_type: <value>
reference_user:
  reference_username: <value>
snc:
  snc_allow_pw_logon: <value>
  snc_printable_name: <value>
user_classification:
  chargable_user: <value>
  client: <value>
  country_surcharge: <value>
  license_type: <value>
  user_class_special_version: <value>
  substitute_from: <value>
  substitute_until: <value>
  system_id: <value>
  user_classification: <value>

Warning

This state will not check if the inputs in terms of user data are valid!

Example:

Technical user SALT for SAP system S4H / client 000 is present:
  sap_nwabap.user_present:
    - name: SALT
    - sid: S4H
    - client: "000"
    - message_server_host: s4h
    - message_server_port: 3600
    - logon_group: SPACE
    - username: DDIC
    - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="DDIC")
    - user_password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
    - attributes:
        logon_data:
          user_type: B
          user_valid_to: "99991231"
        address_data:
          first_name: SALT_SERVICE_USER
          last_name: SALT_SERVICE_USER
    - roles:
      - name: Z_SALT_ROLE
        valid_to: 99991231
    - profiles:
      - SAP_ALL
    - unlock_user: True
saltext.sap_nwabap._states.sap_nwabap.user_absent(name, sid, client, message_server_host, message_server_port, logon_group, username, password, **kwargs)[source]#

Ensure that a user is absent in the system.

name

Username.

sid

SID of the SAP system.

message_server_host

Host of the message server.

message_server_port

Port of the message server.

client

Client to connect to.

logon_group

Logon group to use.

username

Username to use for the connection.

password

Password to use for the connection.

Example:

Technical user SALT for SAP system S4H / client 000 is absent:
  sap_nwabap.user_absent:
    - name: SALT
    - sid: S4H
    - client: "000"
    - message_server_host: s4h
    - message_server_port: 3600
    - logon_group: SPACE
    - username: DDIC
    - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="DDIC")
saltext.sap_nwabap._states.sap_nwabap.user_password_productive(name, sid, client, message_server_host, message_server_port, logon_group, username, password, user_password, **kwargs)[source]#

Ensure that the given password is set as productive for the user

name

Username.

sid

SID of the SAP system.

message_server_host

Host of the message server.

message_server_port

Port of the message server.

client

Client to connect to.

logon_group

Logon group to use.

username

Username to use for the connection.

password

Password to use for the connection.

user_password

Password for the user.

Example:

Password for user MMUSTERMANN is productive:
  sap_nwabap.user_absent:
    - name: MMUSTERMANN
    - sid: S4H
    - client: "000"
    - message_server_host: s4h
    - message_server_port: 3600
    - logon_group: SPACE
    - username: SALT
    - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
    - user_password: Abcd1234!
saltext.sap_nwabap._states.sap_nwabap.pse_uploaded(name, sid, client, message_server_host, message_server_port, logon_group, username, password, pse_owner, pin=None, pse_type=None, context=None, applic=None, pse_name=None, **kwargs)[source]#

Ensures that a PSE is uploaded to the SAP system. Before the upload takes place, the PSE on the filesystem and the PSE in STRUST will be compared.

name

Filepath of the PSE Filepath

pin

PIN of the PSE file, default is None.

pse_owner

Owner of the PSE file.

pse_type

PSE type, either SSLS, SSLC, SSLA or None. If None (default), the arguments context and applic must be set.

context

See function module SSFPSE_FILENAME for possible values.

applic

See function module SSFPSE_FILENAME for possible values.

pse_name

Name for the PSE resulting from context and applic.

sid

SID of the SAP system.

message_server_host

Host of the message server.

message_server_port

Port of the message server.

client

Client to connect to.

logon_group

Logon group to use.

username

Username to use for the connection.

password

Password to use for the connection.

Warning

This function module does not correctly set the PIN for the ASCS instance PSE after upload, leaving the system in an inconsistent state. SAP will not fix this issue (function module is not released to customer), so DO NOT use this function module if you have PIN-protected PSE files. Note that there are currently no remote-enabled function modules to set PSE PINs in STRUST.

Example:

SAP NetWeaver AS ABAP S4H SSLS PSE is uploaded:
  sap_nwabap.pse_uploaded:
    - name: /usr/sap/S4H/SYS/sec/SAPSSLS.pse
    - pse_owner: s4hadm
    - pse_type: SSLS
    - sid: S4H
    - client: "000"
    - message_server_host: s4h
    - message_server_port: 3600
    - logon_group: SPACE
    - username: SALT
    - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
    - user_password: Abcd1234!
saltext.sap_nwabap._states.sap_nwabap.rfc_dest_present(name, sid, client, message_server_host, message_server_port, logon_group, username, password, dest_type=None, dest_password=None, keep_password=True, keep_proxy_password=True, **kwargs)[source]#

Ensures that an RFC destination is present in the SAP system.

name

Name of the RFC destination.

sid

SID of the SAP system.

message_server_host

Host of the message server.

message_server_port

Port of the message server.

client

Client to connect to.

logon_group

Logon group to use.

username

Username to use for the connection.

password

Password to use for the connection.

dest_type

Type of the destination, required for creation. Can be one of: H, G, L, 3, T

dest_password

Password to set for the connection.

keep_password

<True|False> if the password should be kept on update (if no explicit password is given).

keep_proxy_password

<True|False> if the proxy password should be kept on update (if no explicit password is given).

Next to these arguments, additional kwargs can be used to set attributes in the RFC destination. The following kwargs are recognized and can be used in upper- and lowercase, depending on the RFC destination type:

accept_cookie: <value>
arfc_active: <value>
arfc_cycle: <value>
arfc_method: <value>
assertion_ticket: <value>
assertion_ticket_client: <value>
assertion_ticket_sysid: <value>
authorization_parameter: <value>
basxml_active: <value>
callback_whitelist: <value>
callback_whitelist_active: <value>
category: <value>
client_codepage_active: <value>
compress_reply: <value>
conversion_bytes: <value>
conversion_mode: <value>
cpic_timeout: <value>
description: <value>
enable_trace: <value>
explicit_codepage: <value>
explicit_codepage_active: <value>
export_trace: <value>
gateway_host: <value>
gateway_service: <value>
group_name: <value>
http_compress: <value>
http_timeout: <value>
http_version: <value>
keep_password: <value>
keep_proxy_password: <value>
keepalive_timeout: <value>
language_codepage_active: <value>
load_balancing: <value>
logon_client: <value>
logon_language: <value>
logon_method: <value>
logon_user: <value>
logon_user_254: logon_user_254,
mdmp_list: <value>
mdmp_settings_active: <value>
method: <value>
name: <value>
path_prefix: <value>
program: <value>
proxy_server: <value>
proxy_service_number: <value>
proxy_user: <value>
qrfc_version: <value>
reference: <value>
rfc_bitmap: <value>
rfc_wan: <value>
rfclogon_gui: <value>
same_user: <value>
save_as_hostname: <value>
server_name: <value>
service_number: <value>
snc_active: <value>
snc_parameter: <value>
ssl_active: <value>
ssl_application: <value>
sso_ticket: <value>
start_type: <value>
system_identifier: <value>
system_number: <value>
trace_settings: <value>
trfc_bg_delay: <value>
trfc_bg_repetitions: <value>
trfc_bg_supress: <value>
trusted_system: <value>
ui_lock: <value>
unicode_bytes: <value>
update_all: <value>
update_fields: <value>

Example:

SM_SOLCLNT100_BACK is adapted for SAP NetWeaver AS ABAP system S4H:
  sap_nwabap.rfc_dest_present:
    - name: SM_SOLCLNT100_BACK
    - sid: S4H
    - client: "000"
    - message_server_host: s4h
    - message_server_port: 3600
    - logon_group: SPACE
    - username: SALT
    - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
    - dest_type: 3
    - server_name: /H/saprouter.my.domain.de/S/3299/H/sol
saltext.sap_nwabap._states.sap_nwabap.rfc_dest_absent(name, sid, client, message_server_host, message_server_port, logon_group, username, password, **kwargs)[source]#

Ensures that an RFC destination is absent in the SAP system.

name

Name of the RFC destination.

sid

SID of the SAP system.

message_server_host

Host of the message server.

message_server_port

Port of the message server.

client

Client to connect to.

logon_group

Logon group to use.

username

Username to use for the connection.

password

Password to use for the connection.

Example:

SM_SOLCLNT100_BACK is absent from SAP NetWeaver AS ABAP system S4H:
  sap_nwabap.rfc_dest_absent:
    - name: SM_SOLCLNT100_BACK
    - sid: S4H
    - client: "000"
    - message_server_host: s4h
    - message_server_port: 3600
    - logon_group: SPACE
    - username: SALT
    - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
saltext.sap_nwabap._states.sap_nwabap.sld_config_present(name, sid, client, message_server_host, message_server_port, logon_group, username, password, **kwargs)[source]#

Ensure that an SLD configuration is present in the system.

name

Name of the SLD RFC destination.

sid

SID of the SAP system.

message_server_host

Host of the message server.

message_server_port

Port of the message server.

client

Client to connect to.

logon_group

Logon group to use.

username

Username to use for the connection.

password

Password to use for the connection.

Example:

SLD config is present on S4H:
  sap_nwabap.sld_config_present:
    - name: SLD_DS_TARGET
    - sid: S4H
    - client: "000"
    - message_server_host: s4h
    - message_server_port: 3600
    - logon_group: SPACE
    - username: SALT
    - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
saltext.sap_nwabap._states.sap_nwabap.sld_data_transfered(name, sid, client, message_server_host, message_server_port, logon_group, username, password, **kwargs)[source]#

Runs the report RSLDAGDS that triggers the SLD data transfer.

name

Name of the SLD RFC destination.

sid

SID of the SAP system.

message_server_host

Host of the message server.

message_server_port

Port of the message server.

client

Client to connect to.

logon_group

Logon group to use.

username

Username to use for the connection.

password

Password to use for the connection.

Note

This state will always produce changes.

Example:

SLD data is transfered for S4H:
  sap_nwabap.sld_data_transfered:
    - name: SLD_DS_TARGET
    - sid: S4H
    - client: "000"
    - message_server_host: s4h
    - message_server_port: 3600
    - logon_group: SPACE
    - username: SALT
    - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
saltext.sap_nwabap._states.sap_nwabap.job_present(name, jobclass, header, steps, sid, client, message_server_host, message_server_port, logon_group, username, password, **kwargs)[source]#

Ensure that a job is present in the SAP system.

name

Name of the job.

jobclass

Class of the job, on of: A, B, C

header

Header of the job.

steps

List of job steps.

sid

SID of the SAP system.

message_server_host

Host of the message server.

message_server_port

Port of the message server.

client

Client to connect to.

logon_group

Logon group to use.

username

Username to use for the connection.

password

Password to use for the connection.

The dictionary provided over header must look like the SAP struct names or human readable names for job headers (see constant JOB_HEADER_MAPPING):

JOB_HEADER_MAPPING#

Attribute Name

SAP Field

Description

planned_start_date

SDLSTRTDT

Planned start date for background job

planned_start_time

SDLSTRTTM

Planned start time for background job

last_start_date

LASTSTRTDT

Latest execution date for a background job

last_start_time

LASTSTRTTM

Latest execution time for background job

predecessor_job_name

PREDJOB

Name of previous job

predecessor_job_id

PREDJOBCNT

Job ID

job_status_check

CHECKSTAT

Job status check indicator for subsequent job start

event_id

EVENTID

Background processing event

event_param

EVENTPARM

Background event parameters (such as jobname/jobcount)

duration_min

PRDMINS

Duration period (in minutes) for a batch job

duration_hours

PRDHOURS

Duration period (in hours) for a batch job

duration_days

PRDDAYS

Duration (in days) of dba action

duration_weeks

PRDWEEKS

Duration period (in weeks) for a batch job

duration_months

PRDMONTHS

Duration period (in months) for a batch job

periodic

PERIODIC

Periodic jobs indicator

calendar_id

CALENDARID

Factory calendar id for background processing

can_start_immediately

IMSTRTPOS

Flag indicating whether job can be started immediately

periodic_behavior

PRDBEHAV

Period behavior of jobs on non-workdays

workday_number

WDAYNO

No. of workday on which a job is to start

workday_count_direction

WDAYCDIR

Count direction for ‘on workday’ start date of a job

not_run_before

NOTBEFORE

Planned start date for background job

operation_mode

OPMODE

Name of operation mode

logical_system

LOGSYS

Logical system

object_type

OBJTYPE

Object type

object_key

OBJKEY

Object key

describe_flag

DESCRIBE

Describe flag

target_server

TSERVER

Server name

target_host

THOST

Target system to run background job

target_server_group

TSRVGRP

Server group name background processing

The element of the list provided over steps must look like the SAP struct names or human readable names for job steps (see constant JOB_STEPS_MAPPING):

JOB_STEPS_MAPPING#

Attribute Name

SAP Field

Description

program_name

ABAP_PROGRAM_NAME

ABAP program name

program_variant

ABAP_VARIANT_NAME

ABAP variant name

username

SAP_USER_NAME

SAP user name for authorization check

language

LANGUAGE

Language for list output

Note

This currently only supports ABAP job steps.

Example:

SLD job SAP_SLD_DATA_COLLECT is present on S4H:
  sap_nwabap.job_present:
    - name: SAP_SLD_DATA_COLLECT
    - jobclass: C
    - header:
        EVENTID: SAP_SYSTEM_START
    - steps:
      - ABAP_PROGRAM_NAME: RSLDAGDS
    - sid: S4H
    - client: "000"
    - message_server_host: s4h
    - message_server_port: 3600
    - logon_group: SPACE
    - username: SALT
    - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
saltext.sap_nwabap._states.sap_nwabap.job_absent(name, sid, client, message_server_host, message_server_port, logon_group, username, password, **kwargs)[source]#

Ensure that a job is absent in the system.

name

Name of the job.

sid

SID of the SAP system.

message_server_host

Host of the message server.

message_server_port

Port of the message server.

client

Client to connect to.

logon_group

Logon group to use.

username

Username to use for the connection.

password

Password to use for the connection.

Example:

SLD job SAP_SLD_DATA_COLLECT is absent on S4H:
  sap_nwabap.job_present:
    - name: SAP_SLD_DATA_COLLECT
    - sid: S4H
    - client: "000"
    - message_server_host: s4h
    - message_server_port: 3600
    - logon_group: SPACE
    - username: SALT
    - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")
saltext.sap_nwabap._states.sap_nwabap.system_health_ok(name, check_from, client, message_server_host, message_server_port, logon_group, username, password, max_allowed_dumps=0, **kwargs)[source]#
Check the system health by checking:

  • Transaction SICK

  • Short Dumps

name

SID of the SAP system.

check_from
Date from which on the system health should be checked (e.g. for log entries)

in the format DDMMYYYY, e.g. 31129999 or 01012000.

max_allowed_dumps

Maximum number of allowed short dumps (default: 0).

message_server_host

Host of the message server.

message_server_port

Port of the message server.

client

Client to connect to.

logon_group

Logon group to use.

username

Username to use for the connection.

password

Password to use for the connection.

Example:

System healh is OK for SAP NetWeaver AS ABAP system S4H (ST22 / SICK):
  sap_nwabap.system_health_ok:
    - name: S4H
    - check_from: {{ None | strftime("%d%m%Y") }}  {# renders to current date, e.g. 31082022 #}
    - client: "000"
    - message_server_host: s4h
    - message_server_port: 3600
    - logon_group: SPACE
    - username: SALT
    - password: __slot__:salt:vault.read_secret(path="nwabap/S4H/000", key="SALT")

Note

This function does not implement __opts__["test"] since no data is changed.