sap-linuxlab / community.sap_libs

Automation for SAP - Collection of Ansible Modules for SAP for low-level activities which are highly reusable
Apache License 2.0
17 stars 6 forks source link

Enable SNC encrypted connections in sap_pyrfc #26

Open bmaercz opened 1 year ago

bmaercz commented 1 year ago

Summary

I'd love to use this sap_pyrfc module to automate SAP tasks using Ansible. But our systems only allow RFC calls via SNC encrypted connections. It seems that community.sap_libs.sap_pyrfc is not supporting this.

When I try to specify SNC parameters (as documented in https://sap.github.io/PyRFC/pyrfc.html) in my ansible playbook like follows:

 - name: test the pyrfc module
    community.sap_libs.sap_pyrfc:
      function: DELIVERY_GET_COMPONENT_RELEASE
      parameters:
        IV_COMPNAME: "SAP_BASIS"
      connection:
        ashost: my.sap.as.host
        sysid: SID
        sysnr: "01"
        client: "000"
        user: USERNAME
        passwd: PWD
        snc_qop: Privacy Protection
        snc_myname: SNCNAME
        snc_partnername: SNCPARTNERNAME
        lang: EN

I get an error message telling me that I'm using unsupported parameters:

"Unsupported parameters for (community.sap_libs.sap_pyrfc) module: snc_myname, snc_partnername, snc_qop found in connection. Supported parameters include: ashost, client, lang, passwd, sysid, sysnr, user"

Is it planned to add SNC support to sap_pyrfc module any time soon?

Kind regards Benny

Issue Type

Feature Idea

Component Name

community.sap_libs.sap_pyrfc

Additional Information

Code of Conduct

rainerleber commented 1 year ago

Hi @bmaercz thank you for opening the issue. At the moment the module doesn't support this. We will investigate this. Please be patient

bsrdjan commented 10 months ago

Hi, pyrfc maintainer here,

why not completely remove this connection parameters semantic check?

There are many possible parameters' combinations and SAP NW RFC SDK performs the check anyway, returning error message if invalid parameter is passed or when particular parameter missing.

No need to duplicate the logic here IMHO, only to check if connection parameters are passed as str:str dictionary. pyrfc and SAP NW RFC SDK will do the rest. It would enable all logon scenarios configured in ABAP system.