CMDB Reconciliation Rule does not work as expected

jesjuar · ‎10-22-2020

Hi!

I have configured a Reconciliation Rule for Computer class from the CI Class Manager. It includes the fields that can be modified by ImportSet data source. It is the only reconciliation rule for the class, and it does not have any conditions:

To test the new reconciliation rule, I have run the following code, using the IRE Engine:

var inputPayload = {
   "items": [
      {
         "className": "cmdb_ci_computer",
         "lookup": [],
         "values": {
            "model_number": "ABC-Test",
            "name": "New Name Value",
            "asset_tag": "123456",
            "ram": "1024",
            "cpu_count": "4",
            "serial_number": "MJ58PWTR"
         }
      }
   ],
   "relations": []
};

var encodedInputPayload = new JSON().encode(inputPayload);
var dataSource = 'ImportSet';
var outputPayload = SNC.IdentificationEngineScriptableApi.createOrUpdateCI(dataSource, encodedInputPayload);
gs.print(outputPayload);

And this is the output payload after running it:

{
 "items": [
  {
   "className": "cmdb_ci_computer",
   "operation": "UPDATE",
   "sysId": "bc16452adbffd810c7529ec25a96c956",
   "maskedAttributes": [],
   "identifierEntrySysId": "025742f4dbdad850b7529bc2ca9619e7",
   "identificationAttempts": [
    {
     "identifierName": "Computer rule",
     "attemptResult": "MATCHED",
     "attributes": [
      "serial_number"
     ],
     "searchOnTable": "cmdb_ci_computer",
     "hybridEntryCiAttributes": []
    }
   ]
  }
 ],
 "relations": []
}

The computer was correctly identified (using the serial_number) and updated. However, and this is the issue, the IRE updated all fields included in the input payload, even those fields that shouldn't be authorized to be updated by the data source "Import Set". For instance, the reconciliation rule created allows to modify the ram, but it does not allow to update the name. I expect the IRE engine to abort the update of non-authorized fields, following the definition of our reconciliation rule, and adding them to the output payload property "maskedAttributes", as it is described in the official documentation: https://docs.servicenow.com/bundle/paris-application-development/page/app-store/dev_portal/API_reference/IdentificationEngineScriptableApi/concept/c_IdentEngineScriptAPI.html

Has anyone else had this issue?

christianmalone · ‎10-22-2020

this is a common misunderstanding that the reconciliation fields are going to act like a filter to block field entry even when no other existing higher ranked data is there. Go ahead and add a higher ranking data source and fields. Populate with a payload from that datasource then go back and rerun your current one. Then it will block the field updates as it’s following the reconciliation rule.

View solution in original post

jesjuar · ‎10-23-2020

I have a related question, @christianmalone . If the field is empty, the reconciliation rule does not apply, the system updates the value even if the data source is not authorized. Is there any way to configure that? For example, a computer is unassigned manually becuase it is going to be retired, but an external system still has the user assigned to the computer and in the next sync populates again the field.

Thanks!