Fail-fast configuration validation & environment drift detection for SAP landscapes
Project description
๐ก๏ธ sap-config-guard
Fail-fast configuration validation & environment drift detection for SAP landscapes
๐ฏ Problem
In almost every SAP project:
- โ DEV / QA / PROD configs silently differ
- โ Missing parameters cause runtime failures
- โ Secure parameters fail only in PROD
- โ No automated pre-deployment validation
๐ SAP has no lightweight, open tool to catch this before deployment.
โ Solution
sap-config-guard is a CLI + library that:
- โ๏ธ Validates SAP configuration files
- โ๏ธ Detects missing / unused / invalid parameters
- โ๏ธ Compares environments (DEV vs QA vs PROD)
- โ๏ธ Fails builds before deployment
- โ๏ธ Works outside SAP (CI/CD friendly)
๐ Quick Start
Installation
Option 1: PyPI (when published)
pip install sap-config-guard
Option 2: From source
git clone https://github.com/upendra-manike/sap-config-guard.git
cd sap-config-guard
pip install -e .
Option 3: Docker
docker pull sap-config-guard:latest
# Or build from source
docker build -t sap-config-guard:latest .
Basic Usage
1๏ธโฃ Validate Configuration
sap-config-guard validate ./config/dev
Output:
โ Missing required key: SAP_API_URL
โ Invalid pattern: SAP_CLIENT = 12 (expected pattern: ^[0-9]{3}$)
โ ๏ธ Secure key missing or empty: SAP_PASSWORD
2๏ธโฃ Compare Environments
sap-config-guard diff dev=./config/dev qa=./config/qa prod=./config/prod
Output:
โ ๏ธ Drift detected:
โ ๏ธ Key 'SAP_TIMEOUT' differs: dev=30, qa=30, prod=10
โ ๏ธ Key 'SAP_API_URL' differs: dev=http://localhost:8080, qa=https://qa.sap.com, prod=https://prod.sap.com
โ Key 'SAP_CLIENT' missing in: qa
3๏ธโฃ Production Validation (Strict Mode)
sap-config-guard validate ./config/prod --environment prod --fail-on-warning
๐ Library API
Python
from sap_config_guard import validate, compare_environments
# Validate configuration
results, is_valid = validate(
config_path="./config/prod",
schema_path="./schema.yaml", # optional
environment="prod",
fail_on_warning=True
)
for result in results:
print(result)
# Compare environments
diff_results = compare_environments({
"dev": "./config/dev",
"qa": "./config/qa",
"prod": "./config/prod"
})
for diff in diff_results:
print(f"{diff.key}: {diff.message}")
๐ Supported File Formats
- โ
.envfiles - โ
.propertiesfiles (Java-style) - โ
.yaml/.ymlfiles - โ
.jsonfiles - โ Directory with multiple config files
๐ง Configuration Schema
Create a schema.yaml file to define validation rules:
required:
- SAP_CLIENT
- SAP_SYSTEM_ID
- SAP_API_URL
secure:
- SAP_PASSWORD
- SAP_PRIVATE_KEY
patterns:
SAP_CLIENT: "^[0-9]{3}$"
SAP_API_URL: "^https://.*"
forbidden_in_prod:
- mock
- localhost
- 127.0.0.1
min_lengths:
SAP_PASSWORD: 8
๐งฉ Supported SAP Contexts
| Area | Supported |
|---|---|
| SAP BTP | โ |
| SAP CPI / PI | โ |
| MuleSoft โ SAP | โ |
| CAP Apps | โ |
| SAP Properties / YAML / JSON | โ |
| ABAP exports (CSV/XML) | โ ๏ธ (phase 2) |
๐ Built-in SAP Rules
- โ
No
localhostin PROD - โ No hardcoded secrets
- โ SAP client must be 3 digits
- โ HTTPS enforced
- โ Timeout sanity checks
- โ Destination name validation
๐ฅ๏ธ CLI Reference
validate Command
sap-config-guard validate <config_path> [options]
Options:
--schema, -s: Path to schema YAML file--environment, -e: Environment name (dev, qa, prod) - default: dev--fail-on-warning: Treat warnings as errors
Examples:
# Basic validation
sap-config-guard validate ./config/dev
# Production validation with custom schema
sap-config-guard validate ./config/prod --environment prod --schema ./custom-schema.yaml
# Strict mode (fail on warnings)
sap-config-guard validate ./config/prod --environment prod --fail-on-warning
diff Command
sap-config-guard diff <env1>=<path1> [env2]=<path2> ... [options]
Options:
--show-same: Show keys that are the same across environments--fail-on-drift: Exit with error code if drift is detected
Examples:
# Compare environments
sap-config-guard diff dev=./config/dev qa=./config/qa prod=./config/prod
# Positional arguments (auto-named as dev, qa, prod)
sap-config-guard diff ./config/dev ./config/qa ./config/prod
# Fail CI/CD on drift
sap-config-guard diff dev=./config/dev prod=./config/prod --fail-on-drift
๐ CI/CD Integration
GitHub Actions
name: Validate SAP Config
on: [push, pull_request]
jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: '3.10'
- run: pip install sap-config-guard
- run: sap-config-guard validate ./config/prod --environment prod --fail-on-warning
- run: sap-config-guard diff dev=./config/dev qa=./config/qa prod=./config/prod --fail-on-drift
Jenkins
stage('Validate Config') {
steps {
sh 'pip install sap-config-guard'
sh 'sap-config-guard validate ./config/prod --environment prod --fail-on-warning'
}
}
Docker in CI/CD
- name: Validate with Docker
run: |
docker run --rm \
-v ${{ github.workspace }}/config:/app/configs:ro \
sap-config-guard:latest \
validate /app/configs/prod --environment prod --fail-on-warning
๐ Roadmap
v0.1.0 (Current) โ
- โ CLI
- โ Config validation
- โ Env diff
- โ CI-friendly exit codes
v0.2.0 (Planned)
- ๐ CAP app support
- ๐ MuleSoft properties
- ๐ JSON/YAML schemas
v0.3.0 (Planned)
- ๐ ABAP export validation
- ๐ SAP transport pre-checks
v1.0.0 (Future)
- ๐ Java wrapper
- ๐ Plugin system
- ๐ SAP GenAI config advisor
๐ค Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
๐ License
This project is licensed under the MIT License - see the LICENSE file for details.
๐ Acknowledgments
- Built for the SAP community
- Inspired by real-world production issues
- Designed to be SAP-agnostic and CI/CD friendly
๐ณ Docker Support
Full Docker support is available! See DOCKER.md for detailed usage.
# Quick start with Docker
docker run --rm \
-v $(pwd)/config:/app/configs:ro \
sap-config-guard:latest \
validate /app/configs/prod
๐ Additional Documentation
- QUICKSTART.md - 5-minute getting started guide
- DOCKER.md - Complete Docker usage guide
- CONTRIBUTING.md - How to contribute
- examples/ADVANCED_USAGE.md - Advanced usage patterns
๐ Support
- ๐ Report Issues
- ๐ฌ Discussions
- ๐ง Email: (add your email)
Made with โค๏ธ for the SAP community
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
sap_config_guard-0.1.0.tar.gz
(16.6 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sap_config_guard-0.1.0.tar.gz.
File metadata
- Download URL: sap_config_guard-0.1.0.tar.gz
- Upload date:
- Size: 16.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7c142314630dd464a6b52f93ad7ad1fdb4c78ce668e9d50aae2eaac27d895e5b
|
|
| MD5 |
54862a9cdbdbd952874807e16b9a8637
|
|
| BLAKE2b-256 |
5986ed134a793bda1f287eb6e467b69ed9f551259ac86ae3bbe0943820182ea1
|
File details
Details for the file sap_config_guard-0.1.0-py3-none-any.whl.
File metadata
- Download URL: sap_config_guard-0.1.0-py3-none-any.whl
- Upload date:
- Size: 17.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
710c8d93a344b652abba4a4fb25e9d5c1feb34393cb3a51bcd8107e68b942996
|
|
| MD5 |
11fa962ebca044b1089ca087b95079ab
|
|
| BLAKE2b-256 |
b7efd0628c5a15cf466a996d6ff959b906cf8e1b5e4a156521e06b5c36828a84
|
