Merged
14 changes: 14 additions & 0 deletions CHANGELOG.md
Expand Up @@ -5,6 +5,20 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).

## [Unreleased]

### Added (2026-06-16)

- **SNow CVE Remediation — close incident after patching** — wired `close_incident`
(success) and `update_inc_failure` (failure) terminal nodes to the `patch_host`
step in `aap_config/files/controller_workflow_job_templates.yml`. On success the
ServiceNow incident is resolved (state 6); on failure it moves to In Progress
(state 2) with error details. Mirrors the pattern already in the Remediate CVE
workflow.
- **Enriched close/failure work notes** — `playbooks/servicenow/update_incident.yml`
`inc_success_comment` and `inc_failure_comment` now include CVE ID, synopsis,
host FQDN, remediation plan name, and the full Insights-authored remediation
playbook content (all flow as `set_stats` artifacts from `fetch_remediation`).
Closes #131.

### Fixed (2026-06-16)

- **Introduce CVE JT — remove stale survey** — added `survey_enabled: false` to
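Review bot: the second "Added" entry states that both the close and the failure work notes now include the remediation plan name and the full Insights remediation playbook content, but the `playbooks/servicenow/update_incident.yml` hunk in this PR only adds `Remediation plan:` and the `[Insights Remediation Playbook]` block to `inc_success_comment`; `inc_failure_comment` gains CVE, Synopsis and Host only. Either add those two items to the failure comment as well or narrow the entry to say the playbook content is attached on success.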
10 changes: 10 additions & 0 deletions aap_config/files/controller_workflow_job_templates.yml
Expand Up @@ -174,6 +174,16 @@ controller_workflows:

- identifier: patch_host
unified_job_template: "{{ jt_patch_rhel }}"
success_nodes:
- close_incident
failure_nodes:
- update_inc_failure

- identifier: close_incident
unified_job_template: "{{ jt_snow_close_inc }}"

- identifier: update_inc_failure
unified_job_template: "{{ jt_snow_update_inc }}"

# ── SNow CVE Demo ──────────────────────────────────────────────────────────
# One-click demo: Introduce CVE (openssl downgrade + insights-client) then
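Review bot: `close_incident` has no `failure_nodes`, so if the ServiceNow close step itself fails (API unreachable, expired credentials, wrong incident sys_id) the incident is left in its previous state with no work note and the only signal is the workflow job status. Consider routing its failure to `update_inc_failure` the way `patch_host` does, or at least documenting that gap in the changelog entry. Also worth confirming that `jt_snow_close_inc` and `jt_snow_update_inc` are defined alongside `jt_patch_rhel` in the template vars, since this hunk only references them.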
18 changes: 14 additions & 4 deletions playbooks/servicenow/update_incident.yml
Expand Up @@ -44,18 +44,28 @@
inc_success_comment: |-
Automated remediation completed successfully.

Advisory: {{ advisory_id | default('n/a') }}
Patched hosts: {{ patched_hosts | default('n/a') }}
Job ID: {{ patch_my_job_id | default('n/a') }}
CVE: {{ reported_cve | default('n/a') }}
Synopsis: {{ cve_synopsis | default('n/a') }}
Host: {{ host_fqdn | default('n/a') }}
Advisory: {{ advisory_id | default('n/a') }}
Patched hosts: {{ patched_hosts | default('n/a') }}
AAP Job ID: {{ patch_my_job_id | default('n/a') }}
Remediation plan: {{ remediation_plan_name | default('n/a') }}

[Insights Remediation Playbook]
{{ remediation_playbook_content | default('n/a') }}

Resolving this incident.

inc_failure_comment: |-
Automated remediation did not complete.

CVE: {{ reported_cve | default('n/a') }}
Synopsis: {{ cve_synopsis | default('n/a') }}
Host: {{ host_fqdn | default('n/a') }}
Advisory: {{ advisory_id | default('n/a') }}
Failed hosts: {{ failed_hosts | default('n/a') }}
Job ID: {{ patch_my_job_id | default('n/a') }}
AAP Job ID: {{ patch_my_job_id | default('n/a') }}
Error: {{ patch_my_error | default('see Ansible job output') }}

_comment_map:
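Review bot: `inc_failure_comment` omits `remediation_plan_name` and `remediation_playbook_content`, which is exactly what an operator needs when a patch run fails and has to be retried or finished by hand; adding the same `Remediation plan:` line and `[Insights Remediation Playbook]` block that `inc_success_comment` now carries would keep the two notes symmetric. Separately, the full playbook body is interpolated unbounded into a journal field; if Insights-generated playbooks can run to hundreds of lines, passing the value through Jinja's `truncate` filter (or linking to the plan instead of inlining it) would keep the work note readable.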