From 080a38ca89c391908b75361172c0287e4905b047 Mon Sep 17 00:00:00 2001
From: toharris-rh
Date: Tue, 16 Jun 2026 15:18:10 -0700
Subject: [PATCH] feature: close SNow incident after CVE remediation with full details
Wire close_incident (success) and update_inc_failure (failure) nodes to the patch_host step in the SNow CVE Remediation workflow. Enrich the update_incident.yml close/failure comments with CVE ID, synopsis, host FQDN, remediation plan name, and the Insights-authored playbook content (all available as set_stats artifacts from fetch_remediation).
Closes #131
Co-Authored-By: Claude Sonnet 4.6 (1M context)
---
CHANGELOG.md | 14 ++++++++++++++
.../controller_workflow_job_templates.yml | 10 ++++++++++
playbooks/servicenow/update_incident.yml | 18 ++++++++++++++----
3 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c0ccefe..44ace32 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,20 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 ## [Unreleased]
+### Added (2026-06-16)
+
+- **SNow CVE Remediation — close incident after patching** — wired `close_incident`
+ (success) and `update_inc_failure` (failure) terminal nodes to the `patch_host`
+ step in `aap_config/files/controller_workflow_job_templates.yml`. On success the
+ ServiceNow incident is resolved (state 6); on failure it moves to In Progress
+ (state 2) with error details. Mirrors the pattern already in the Remediate CVE
+ workflow.
+- **Enriched close/failure work notes** — `playbooks/servicenow/update_incident.yml`
+ `inc_success_comment` and `inc_failure_comment` now include CVE ID, synopsis,
+ host FQDN, remediation plan name, and the full Insights-authored remediation
+ playbook content (all flow as `set_stats` artifacts from `fetch_remediation`).
+ Closes #131.
+
 ### Fixed (2026-06-16)
 - **Introduce CVE JT — remove stale survey** — added `survey_enabled: false` to
diff --git a/aap_config/files/controller_workflow_job_templates.yml b/aap_config/files/controller_workflow_job_templates.yml
index 359b40f..24d231b 100644
--- a/aap_config/files/controller_workflow_job_templates.yml
+++ b/aap_config/files/controller_workflow_job_templates.yml
@@ -174,6 +174,16 @@ controller_workflows:
 - identifier: patch_host
 unified_job_template: "{{ jt_patch_rhel }}"
+ success_nodes:
+ - close_incident
+ failure_nodes:
+ - update_inc_failure
+
+ - identifier: close_incident
+ unified_job_template: "{{ jt_snow_close_inc }}"
+
+ - identifier: update_inc_failure
+ unified_job_template: "{{ jt_snow_update_inc }}"
 # ── SNow CVE Demo ──────────────────────────────────────────────────────────
 # One-click demo: Introduce CVE (openssl downgrade + insights-client) then
diff --git a/playbooks/servicenow/update_incident.yml b/playbooks/servicenow/update_incident.yml
index 6cdbf7a..ec4b23f 100644
--- a/playbooks/servicenow/update_incident.yml
+++ b/playbooks/servicenow/update_incident.yml
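Review bot: `close_incident` is wired to `patch_host` job success alone, so the ServiceNow incident gets resolved without any step confirming the CVE is actually gone — a package update that still needs a service restart or reboot, or a host whose Insights data has not been re-uploaded, could close the ticket with the finding still live. Consider a verification node between `patch_host` and `close_incident`, or at minimum document the contract on the node: `# close_incident fires on patch_host job success only; it does not re-check the CVE`. Indentation is not recoverable from this view, so confirm `success_nodes`/`failure_nodes` sit at the same level as `unified_job_template` under `patch_host` rather than as new list items. The `controller_workflows` list continues outside the hunk.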
@@ -44,18 +44,28 @@
 inc_success_comment: |-
 Automated remediation completed successfully.
- Advisory: {{ advisory_id | default('n/a') }}
- Patched hosts: {{ patched_hosts | default('n/a') }}
- Job ID: {{ patch_my_job_id | default('n/a') }}
+ CVE: {{ reported_cve | default('n/a') }}
+ Synopsis: {{ cve_synopsis | default('n/a') }}
+ Host: {{ host_fqdn | default('n/a') }}
+ Advisory: {{ advisory_id | default('n/a') }}
+ Patched hosts: {{ patched_hosts | default('n/a') }}
+ AAP Job ID: {{ patch_my_job_id | default('n/a') }}
+ Remediation plan: {{ remediation_plan_name | default('n/a') }}
+
+ [Insights Remediation Playbook]
+ {{ remediation_playbook_content | default('n/a') }}
 Resolving this incident.
 inc_failure_comment: |-
 Automated remediation did not complete.
+ CVE: {{ reported_cve | default('n/a') }}
+ Synopsis: {{ cve_synopsis | default('n/a') }}
+ Host: {{ host_fqdn | default('n/a') }}
 Advisory: {{ advisory_id | default('n/a') }}
 Failed hosts: {{ failed_hosts | default('n/a') }}
- Job ID: {{ patch_my_job_id | default('n/a') }}
+ AAP Job ID: {{ patch_my_job_id | default('n/a') }}
 Error: {{ patch_my_error | default('see Ansible job output') }}
 _comment_map:
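Review bot: `{{ remediation_playbook_content | default('n/a') }}` inlines the whole Insights playbook into `inc_success_comment`, and such playbooks commonly carry their own `{{ }}`/`{% %}` expressions; if the artifact reaches this job as a plain string, rendering the block scalar will try to evaluate those expressions instead of pasting them literally — failing on undefined names, or evaluating template text that originated from an external API. Whether AAP's extra-vars Jinja handling (`ALLOW_JINJA_IN_EXTRA_VARS`) already neutralises workflow artifacts is not visible here, so confirm with a real artifact; if it does re-template, have the producer store the text as a literal (`!unsafe`) or post it as an attachment rather than inline. The note also grows by a full playbook per incident, so a length cap on `remediation_playbook_content` may be needed to stay within the work-note field. `_comment_map`, which consumes these strings, starts at the hunk's last line and continues past it.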