Azure · devanshjainms · May 6, 2025 · Apr 28, 2025 · May 5, 2025
@@ -46,14 +46,14 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
         with:
           languages: ${{ matrix.language }}
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/autobuild@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
         with:
           category: "/language:${{matrix.language}}"
@@ -50,6 +50,6 @@ jobs:
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
         with:
           sarif_file: results.sarif
@@ -36,7 +36,7 @@ jobs:
         output: report-fs.sarif
 
     - name: Upload Trivy report (fs) GitHub Security
-      uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+      uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
       with:
         sarif_file: report-fs.sarif
         category: 'fs'
@@ -27,3 +27,16 @@ database_cluster_type:         AFA
 #                              Storage Profile                              #
 #############################################################################
 NFS_provider:                  AFS
+
+#############################################################################
+#                        Key Vault Parameters (optional)                    #
+#############################################################################
+key_vault_id:                  /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.KeyVault/vaults/<key-vault-name>
+secret_id:                     https://<key-vault-name>.vault.azure.net/secrets/<secret-name>/<id>
+
+#############################################################################
+#                            MSI Client ID                                  #
+#############################################################################
+# The MSI Client ID is used to authenticate to Azure services
+# and is required if the management server uses user assigned managed identity
+user_assigned_identity_client_id: "00000000-0000-0000-0000-000000000000"
@@ -255,6 +255,13 @@ platform: "HANA"
 # - ANF (for Azure NetApp Files)
 # - AFS (for Azure File Share)
 NFS_provider: "ANF"  # or "AFS"
+
+# If you're using a user-assigned managed identity (as explained in "Azure RBAC" section above):
+#  - Enter the client ID of that identity here
+#  - You can find this ID in Azure Portal → Managed Identities → Your Identity → Properties → Client ID
+# If you're using system-assigned managed identity instead:
+#  - Leave this blank or set to empty string ""
+user_assigned_identity_client_id: "000000-00000-00000-00000-000000"
 ```
 
 2.2.3. Credential Files

@@ -5,5 +5,14 @@
 | Test Case                    | Type          | Description                                                                                                                                                                   | More Info                                                                                                       |
 |------------------------------|---------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------|
 | HA Parameters Validation     | Configuration | The HA parameter validation test validates HA configuration including Corosync settings, Pacemaker resources, SBD device configuration, and SCS system replication setup.  | [ha-config.yml](../src/roles/ha_scs/tasks/ha-config.yml)                                                        |
-| Resource Migration           | Failover      | The Resource Migration test validates planned failover scenarios by controlling resource movement between SCS nodes, ensuring proper role changes and data synchronization. | [ascs-migration.yml](../src/roles/ha_scs/tasks/ascs-migration.yml)                                        |
-| ASCS Node Crash                | Network       | The ASCS Node Crash test simulates cluster behavior when the ASCS node crashes. It simulates an ASCS node failure by forcefully terminating the process, then verifies automatic failover to the ERS node, monitors system replication status, and confirms service recovery without data loss. | [ascs-node-crash.yml](../src/roles/ha_scs/tasks/ascs-node-crash.yml)                                                  |
+| Azure Load Balancer | Configuration |  The Azure LB configuration test validates Azure Load Balancer setup including health probe configuration, backend pool settings, load balancing rules, and frontend IP configuration. | [azure-lb.yml](../src/roles/ha_scs/tasks/azure-lb.yml) |
+| SAPControl Config Validation | Configuration | The SAPControl Config Validation test runs multiple sapcontrol commands to validate the SCS configuration. It executes commands like HAGetFailoverConfig, HACheckFailoverConfig, and HACheckConfig, capturing their outputs and statuses to ensure proper configuration and functionality. | [sapcontrol-config.yml](../src/roles/ha_scs/tasks/sapcontrol-config.yml) |
+| Resource Migration           | Failover      | The Resource Migration test validates planned failover scenarios by controlling resource movement between SCS nodes, ensuring proper role changes. | [ascs-migration.yml](../src/roles/ha_scs/tasks/ascs-migration.yml)                                        |
+| ASCS Node Crash              | Failover      | The ASCS Node Crash test simulates cluster behavior when the ASCS node crashes. It simulates an ASCS node failure by forcefully terminating the process, then verifies automatic failover to the ERS node, monitors system replication status, and confirms service recovery. | [ascs-node-crash.yml](../src/roles/ha_scs/tasks/ascs-node-crash.yml) |
+| Block Network Communication  | Network       | The Block Network test validates cluster behavior during network partition scenarios by implementing iptables rules to block communication between ASCS and ERS nodes. It verifies split-brain prevention mechanisms, validates proper failover execution when nodes become isolated, and ensures cluster stability after network connectivity is restored. | [block-network.yml](../src/roles/ha_scs/tasks/block-network.yml) |
+| Kill Message Server Process  | Process       | The Message Server Process Kill test simulates failure of the message server process on the ASCS node by forcefully terminating it using the kill -9 signal. It verifies proper cluster reaction, automatic failover to the ERS node, and ensures service continuity after the process failure. | [kill-message-server.yml](../src/roles/ha_scs/tasks/kill-message-server.yml) |
+| Kill Enqueue Server Process  | Process       | The Enqueue Server Process Kill test simulates failure of the enqueue server process on the ASCS node by forcefully terminating it using the kill -9 signal. It validates proper cluster behavior, automatic failover execution. | [kill-enqueue-server.yml](../src/roles/ha_scs/tasks/kill-enqueue-server.yml) |
+| Kill Enqueue Replication Server Process | Process | The Enqueue Replication Server Process Kill test simulates failure of the replication server process on the ERS node by forcefully terminating it using the kill -9 signal. This test handles both ENSA1 and ENSA2 architectures. It validates the automatic restart of the process. | [kill-enqueue-replication.yml](../src/roles/ha_scs/tasks/kill-enqueue-replication.yml) |
+| Kill sapstartsrv Process for ASCS | Process | The sapstartsrv Process Kill test simulates failure of the SAP Start Service for the ASCS instance by forcefully terminating it using the kill -9 signal. It validates proper cluster reaction, automatic failover to the ERS node, and verifies service restoration after the process failure. | [kill-sapstartsrv.yml](../src/roles/ha_scs/tasks/kill-sapstartsrv.yml) |
+| Manual Restart of ASCS Instance | Control | The Manual Restart test validates cluster behavior when the ASCS instance is manually stopped using sapcontrol. It verifies proper cluster reaction to a controlled instance shutdown, ensures automatic failover to the ERS node, and confirms service continuity throughout the operation. | [manual-restart.yml](../src/roles/ha_scs/tasks/manual-restart.yml) |
+| HAFailoverToNode Test | Control | The HAFailoverToNode test validates SAP's built-in high availability functionality by using the sapcontrol command to trigger a controlled failover. It executes 'HAFailoverToNode' as the SAP administrator user, which initiates a clean migration of the ASCS instance to another node. | [ha-failover-to-node.yml](../src/roles/ha_scs/tasks/ha-failover-to-node.yml) |
@@ -60,13 +60,41 @@ This guide will help you set up your existing SAP Deployment Automation Framewor
    | **SAP Functional Tests Type** | Test category to run | Yes | DatabaseHighAvailability |
    | **Telemetry Data Destination** | Where to send test data | No | AzureLogAnalytics |
 
-   **For AzureLogAnalytics destination** (required parameters):
+   **Providing Telemetry Data Destination Parameters**
+
+   To configure the Telemetry Data Destination for the SAP Testing Automation Framework, you need to specify the required parameters in the Extra Parameters input field. This allows the pipeline to send telemetry data to the desired destination, such as Azure Log Analytics or Azure Data Explorer.
+
+   **How to Specify Telemetry Parameters**
+
+   Use the following format in the Extra Parameters field:
+
+   ```bash
+   --extra-vars "laws_workspace_id=<workspace-id>,laws_shared_key=<shared-key>,telemetry_table_name=<table-name>"
+   ```
+
+   Telemetry Data Destination Options
+   1. **Azure Log Analytics**
+   If you are using Azure Log Analytics as the telemetry destination, the following parameters are required:
    - `laws_workspace_id`: Log Analytics Workspace ID
    - `laws_shared_key`: Log Analytics Shared Key
    - `telemetry_table_name`: Name of the table in Log Analytics
 
-   **For AzureDataExplorer destination** (required parameters):
+   ```bash
+   --extra-vars "laws_workspace_id=12345678-1234-1234-1234-123456789abc,laws_shared_key=**********,telemetry_table_name=SAPTelemetry"
+   ```
+
+   2. **Azure Data Explorer**
+   If you are using Azure Data Explorer (ADX) as the telemetry destination, the following parameters are required:
    - `adx_cluster_fqdn`: Azure Data Explorer Cluster FQDN
    - `adx_database_name`: Azure Data Explorer Database Name  
    - `adx_client_id`: Azure Data Explorer Client ID
    - `telemetry_table_name`: Name of the table in ADX database
+
+   ```bash
+   --extra-vars "adx_cluster_fqdn=myadxcluster.kusto.windows.net,adx_database_name=SAPTelemetryDB,adx_client_id=12345678-1234-1234-1234-123456789abc,telemetry_table_name=SAPTelemetry"
+   ```
+
+
+
+
+
@@ -81,4 +81,34 @@ FUNCTION BlockNetworkTest():
 
     RETURN "TEST_PASSED"
 END FUNCTION
+```
+
+## ASCS Block Network Test Case
+
+This test case is a specific instance of blocking network communication, focusing on ASCS-specific scenarios.
+
+### Pre-requisites
+
+- Functioning ASCS/ERS cluster
+- Two active nodes (ASCS and ERS)
+- Cluster services running
+- iptables service accessible
+- STONITH configuration (stonith-enabled=true)
+
+### Additional Steps for ASCS Block Network
+
+- Validate ASCS-specific failover behavior.
+- Ensure proper role changes for ASCS and ERS nodes.
+
+### Pseudocode Extension
+
+```pseudocode
+FUNCTION ASCSBlockNetworkTest():
+    // Reuse BlockNetworkTest pseudocode
+    CALL BlockNetworkTest()
+
+    // Additional ASCS-specific validations
+    validate_ascs_failover_behavior()
+    ensure_ascs_role_changes()
+END FUNCTION
 ```
@@ -0,0 +1,69 @@
+<!-- filepath: /home/devanshjain/SDAF/sap-automation-qa/docs/pseudocode/ha-failover-to-node.md -->
+# HAFailoverToNode Test Case
+
+## Prerequisites
+
+- Functioning SCS cluster
+- Two active nodes (ASCS and ERS)
+- Cluster services running
+- Proper resource configuration
+
+## Validation
+
+- Verify failover to the ERS node
+- Check cluster stability
+- Validate proper role changes
+
+## Pseudocode
+
+```pseudocode
+FUNCTION HAFailoverToNodeTest():
+    // Setup Phase
+    EXECUTE TestSetup()
+    EXECUTE PreValidations()
+
+    IF pre_validations_status != "PASSED" THEN
+        RETURN "Test Prerequisites Failed"
+
+    // Main Test Execution
+    TRY:
+        IF current_node == ascs_node THEN
+            record_start_time()
+
+            // Execute Failover Command
+            success = execute_failover_command(ers_node)
+            IF NOT success THEN
+                THROW "Failed to execute failover command"
+
+            // Validate Cluster Status
+            cluster_status = validate_cluster_status()
+            IF cluster_status.ascs_node != ers_node OR cluster_status.ers_node != ascs_node THEN
+                THROW "Cluster status validation failed after failover"
+
+            // Cleanup Constraints
+            success = remove_location_constraints()
+            IF NOT success THEN
+                THROW "Failed to remove location constraints"
+
+            // Cleanup Resources
+            success = cleanup_cluster_resources()
+            IF NOT success THEN
+                THROW "Failed to cleanup cluster resources"
+
+            record_end_time()
+            generate_test_report()
+        END IF
+
+        EXECUTE PostValidations()
+
+    CATCH any_error:
+        LOG "Error occurred: " + any_error
+        EXECUTE RescueOperations()
+        EXECUTE CleanupOperations()
+        RETURN "TEST_FAILED"
+    FINALLY:
+        EXECUTE EnsureClusterHealth()
+
+    RETURN "TEST_PASSED"
+END FUNCTION
+```
@@ -0,0 +1,112 @@
+<!-- filepath: /home/devanshjain/SDAF/sap-automation-qa/docs/pseudocode/kill-message-server.md -->
+# Kill Message Server Process Test Case
+
+## Prerequisites
+
+- Functioning SCS cluster
+- Two active nodes (ASCS and ERS)
+- Cluster services running
+- Proper resource configuration
+
+## Validation
+
+- Verify failover to the ERS node
+- Check cluster stability
+- Validate proper role changes
+
+## Pseudocode
+
+```pseudocode
+FUNCTION KillMessageServerTest():
+    // Setup Phase
+    EXECUTE TestSetup()
+    EXECUTE PreValidations()
+
+    IF pre_validations_status != "PASSED" THEN
+        RETURN "Test Prerequisites Failed"
+
+    // Main Test Execution
+    TRY:
+        IF current_node == ascs_node THEN
+            record_start_time()
+
+            // Check ENSA Version
+            ensa_version = check_ensa_version()
+
+            // Kill Message Server Process
+            success = kill_message_server_process()
+            IF NOT success THEN
+                THROW "Failed to kill message server process"
+
+            // Validate ASCS Node Stopped
+            cluster_status = validate_cluster_status()
+            IF cluster_status.ascs_node != "" THEN
+                THROW "ASCS node did not stop as expected"
+
+            // Validate Failover to ERS Node
+            cluster_status = validate_cluster_status()
+            IF cluster_status.ascs_node != ers_node OR cluster_status.ers_node != ascs_node THEN
+                THROW "Failover validation failed"
+
+            // Cleanup Resources
+            success = cleanup_cluster_resources()
+            IF NOT success THEN
+                THROW "Failed to cleanup cluster resources"
+
+            record_end_time()
+            generate_test_report()
+        END IF
+
+        EXECUTE PostValidations()
+
+    CATCH any_error:
+        LOG "Error occurred: " + any_error
+        EXECUTE RescueOperations()
+        EXECUTE CleanupOperations()
+        RETURN "TEST_FAILED"
+    FINALLY:
+        EXECUTE EnsureClusterHealth()
+
+    RETURN "TEST_PASSED"
+END FUNCTION
+```
+
+## Kill Enqueue, Enqueue Replication, and sapstartsrv Processes
+
+These test cases are specific instances of killing processes, focusing on enqueue, enqueue replication, and sapstartsrv processes.
+
+### Additional Steps for Each Process
+
+- Validate process-specific failover behavior.
+- Ensure proper role changes for ASCS and ERS nodes.
+
+### Pseudocode Extension
+
+```pseudocode
+FUNCTION KillEnqueueProcessTest():
+    // Reuse KillMessageServerTest pseudocode
+    CALL KillMessageServerTest()
+
+    // Additional enqueue-specific validations
+    validate_enqueue_failover_behavior()
+    ensure_enqueue_role_changes()
+END FUNCTION
+
+FUNCTION KillEnqueueReplicationProcessTest():
+    // Reuse KillMessageServerTest pseudocode
+    CALL KillMessageServerTest()
+
+    // Additional enqueue replication-specific validations
+    validate_enqueue_replication_failover_behavior()
+    ensure_enqueue_replication_role_changes()
+END FUNCTION
+
+FUNCTION KillSapstartsrvProcessTest():
+    // Reuse KillMessageServerTest pseudocode
+    CALL KillMessageServerTest()
+
+    // Additional sapstartsrv-specific validations
+    validate_sapstartsrv_failover_behavior()
+    ensure_sapstartsrv_role_changes()
+END FUNCTION
+```