If you haven't read the introduction on ServiceNow Coud provisioning and Governance, you can see the following article:
With this approach acknowledged, The Cloud administrator has the opportunity to prepare the environment in order to ease the process of Terraform template consumption. By discussing with the Cloud Designer, they can find some rooms to standardize the way the Terraform templates will be built and therefore to apply generic policy rules that will be adapted to each newly created catalog item.
How are the Terraform template consumed?
Terraform template contains information on what needs to be deployed and specifically what parameters need to be passed. When ServiceNow CPG consumes these templates it identifies all these parameters and creates corresponding variables in the newly created Catalog item.
When an end user request this Catalog Item, he will need to populate these variables with some values. This is where policies can be applied to help the end user to select values or to force some behavior in the form. We will take the example of forcing the naming convention for a specific field
What is the challenge when trying to create a generic policy rule on all catalog tems?
When consuming a Terraform template into a Catalog item, the syntax of the variables that are created are as follow:
"Catalog item name"_"Terraform variable name".
Let's take an example:
I'm consuming a Terraform Template and creating a catalog item from it that has the following name: "Terraform Vmware simple vm"
In the corresponding Terraform template, there is a variable named "hostname" which is actually the name of the host that will be used when deploying the VM:
When the catalog item is generated the resulting variable is as follow: "Terraform_Vmware_simple_vm_hostname"
What is the objective of the Cloud admin?:
The objective of the cloud admin is to force a specific naming convention for this variable whenever a new catalog item is created.
example: "host-randomnumber"
This will avoid him having to do it each time a catalog item is created and enable him to standardize the approach. Moreover the end user who will request the item will not have to deal with it
As the variable name is never known in advanced, the cloud admin needs to create a script that identifies the "hostname" variables in the catalog item in order to force its naming convention. As a prerequisites he needs to tell to the Cloud designer to always use the same syntax for the "hostname" variable in its Terraform templates (example: "hostname" or "host" or "servername"...)
Here is the solution:
The cloud admin will create a generic policy rule (applied to all catalog item), with the following script:
for( var k = 0; k < Object.keys(formData).length; ++k ) {
if (Object.keys(formData)[k].indexOf("hostname") != -1 ){
var $varhostname = Object.keys(formData)[k];
}
}
formData[$varhostname] = "host-" + formData.randomNumber ;
return formData;
Result:
This is one example of a generic policy rule that the cloud admin can replicate for other use cases:
- Force the naming convention and hide the field to the end user based on its profile
- Automatically populate the "Usergroup" and the "username" fields based on the requester's information
- ...
The cloud admin will standardize an approach with better quality and with a simplified work
