Tag-Governance not evaluating all the key pairs

Camila Godoy · ‎11-29-2022

Hi Everyone - I am using tag governance to evaluate if a configuration item has a valid key pair.

I am comparing if it is valid using a script. For my tag key & value policy
the key is X and the value would be a script such:

var tagValues = [];
var gr = new GlideRecord('cmdb_ci_business_app');
gr.addEncodedQuery("active=true");
gr.query();
while(gr.next()){
   tagValues.push(gr.number + '');
}

The issue I encounter is when a configuration item has more than one tag. It is not evaluating all the possible tags.

For example:
Server1 has the following key pairs-> X - 00000 and X - 11111
The evaluation is finding the first key value pair and determining if it failed or passes the rules.

However, we need to make sure we have all possible tags evaluated.
X - 00000 Pass
X - 11111 Failed

Rather than X - 00000 Pass
Why is this not working? Would you know of anything that could change this?

Thank you!

Ram Devanathan1 · ‎12-21-2022

hi @Camila Godoy thanks for evaluating this fix. i see i have the code in the update-set, not sure why it is not appearing in your case.

can you clarify where you had to add the line?

also just noting that the intent with this fix is to only make the violating tag values visible.

Ram

Camila Godoy · ‎12-22-2022

Hi @Ram Devanathan1 neverminded I see you had the code with "var violations = [];" defined in the top. I had some problems in the developer instances. I started this from zero again and it is back too my previous message, it is passing everything as certified now. Even the ones that has only wrong values
Your code:

var violations = [];
var tagsFound = new Object();
var policyDefinition = new sn_itom_tag.TagPolicyUtil().getTagValueCheckForPolicy(policy.getUniqueValue(), false, ci);

while (ciTags.next()) {
    var tagKey = ciTags.getValue('key') + '';
    var tagValue = ciTags.getValue('value') + '';

    if (policyDefinition.hasOwnProperty(tagKey)) {
        var policyDefinitionValue = policyDefinition[tagKey];
        if (policyDefinitionValue instanceof Array) {
            if (policyDefinitionValue.indexOf(tagValue) === -1)
                violations.push("Tag key: " + tagKey + ", Value: " + tagValue + ". Expected value(s) [" + policyDefinitionValue.toString() + "].\n");
        } else if (policyDefinitionValue !== tagValue)
            violations.push("Tag key: " + tagKey + ", Value: " + tagValue + ". Expected value '" + policyDefinition[tagKey] + "'.\n");

        tagsFound[tagKey] = 1;
        // delete policyDefinition[tagKey];
        // if (Object.keys(policyDefinition).length == 0)
        // break;
    }
}

for (var key in tagsFound) {
    delete policyDefinition[key];
}

if (Object.keys(policyDefinition).length != 0)
    violations.push("Missing Tag key(s) -" + Object.keys(policyDefinition).toString() + "\n");
complianceState = (violations.length === 0);
if (!complianceState) {
    discrepancyValue = violations.length;
    complianceDescription = violations.toString();
}

Results:

What should be:

SAP AppSRV01 - Failed

SAP AppSRV01 - Certified

SAP AppSRV02 - Failed

SAP-SD-02 - Certified

Ram Devanathan1 · ‎12-23-2022

sorry about that, i need to look into this a bit more deeper.

let's catch up over zoom and debug this after the hols. please email me at (email removed)

Ram

Ram Devanathan1 · ‎01-11-2023

Hi Camila thanks for your time on the call - i was able to check what's going wrong here.

looks like the fix relies on another update-set - attached the same herewith.

now your policy would work - checking for multiple tags and pointing wrong ones.

we can make this a better feature in next releases.

HTH

Ram