Bridging Data Certification Results into CMDB Dashboard

troyp · ‎11-10-2016

We've been wrestling with options, too many options.

We have teams that want/need the detailed workflow and checkboxes from Data Certification, but we also realize that there are newer and better ways ahead. Desired State, GRC, CMDB Dashboard, etc.

So I'd like feedback on the approach we are taking. I started looking for a bridge that could take the results of our Data Certification work and leverage that with the Compliance capabilities in the CMDB Dashboard.

What I've ended up with is a Script Include that does most of the work. (included below) The process at a high-level is like this:

Set up Data Certification Filters, Schedules, and Instances. Use the workflow here to manually certify individual fields.
Create a Scripted Audit that uses the same filter from Data Certification. The script has a single line:
```
new DataCertAudit();
```

Now when the Compliance audit runs, it will use the same filter to find the affected CIs, then check for the certification elements associated with the most recent certification task. For the audit to pass there must be certification elements found and they must all have the state of 'Certified'.

We are still testing, but here's the ScriptInclude as it stands and appears to be working. Time will tell.

Any thoughts or suggestions would be greatly appreciated.

-Troy

use at your own risk - no warranty expressed nor implied.

/*
* DataCertAudit
*   Utility to help connect Data Certification results into
*   the desired state audit/compliance capabilities.
*
* Troy Pesola - troy.pesola@capgemini.com
*
* Create Scripted Audits for each filter defined and used in
* Data Certification.   Then use the following code in the
* script for the audit.
*---
*   new DataCertAudit();
*---
* It will only pass the audit if certification elements are found
* and the state of the element is not 'Certified'.
*/
var DataCertAudit = Class.create();
DataCertAudit.prototype = {
       initialize: function() {
           /* perform the audit for this filter */
           // API call to retrieve records based on the filter
           var gr = new SNC.CertificationProcessing().getFilterRecords(current.filter);
           // Loop over all records defined by the filter
           while(gr.next()) {
               // get the Sys ID of the audited record
               var sysId = gr.getValue('sys_id');
               // we need two Cert Element records
               var grCET = new GlideRecord('cert_element');
               var grCE = new GlideRecord('cert_element');
               // find the most recent Certification Task record
               grCET.addQuery('configuration_item',sysId);
               grCET.addNotNullQuery('cert_task');
               grCET.setLimit(1);
               grCET.orderByDesc('cert_task.sys_created_on');
               grCET.query();
               if (grCET.next()) {
                   // find all of the associated certification element records
                   grCE.addQuery('configuration_item',sysId);
                   grCE.addQuery('cert_task',''+grCET.cert_task);
                   grCE.query();
               }
               if (grCE.hasNext()) {
                   var cert = true;
                   while (grCE.next()) {
                       // check the audit details and log any failures
                       if (grCE.state!='Certified') {
                           // mark the CI as not certified
                           cert = false;
                           // log the failed Data Certification element
                           new SNC.CertificationProcessing().logAuditResultFail(
                               current.sys_id, sysId, null, grCE.element,
                               'Data Certification state is ' + grCE.state, '', '', true);
                       }
                   }
                   if (cert) {
                       // log the successful audit of Data Certification
                       new SNC.CertificationProcessing().logAuditResultPass(
                           current.sys_id, sysId, true);
                   }
               } else {
                   // no certification elements found
                   //       log and fail this audit.
                   new SNC.CertificationProcessing().logAuditResultFail(
                       current.sys_id, sysId, null, '',
                       'Missing Data Certifications', '', '', true);
               }
           }
       },
       type: 'DataCertAudit'
};

troyp · ‎11-11-2016

UPDATE: Close but not quite.

While the Scripted Audits run properly and create Audit Results as expected, they are not getting picked up by the CMDB Dashboard Health.

The Scripted Job for checking Compliance is a single line:

SNC.MetricProcessorScript.complianceManager();

The audit results are there from the manual runs. I don't see any audit results with an entry in the "last run" column, even though the audits are scheduled to run daily.

Chuck Tomasi · ‎11-14-2016

Hi Troy,

This is the response from our ITOM product manager...

Currently we look @ tasks created by Data Certification and desired state plug-in independently. We will make them as part of Compliance KPI as of J release.

troyp · ‎11-14-2016

Chuck, Thanks for digging into this for me.

Any thoughts on integrating it between now and then? Since the processing is done within the SNC.MetricProcessorScript I'm not sure how to reverse engineer what's there and add/extend it accordingly.

Ah, if the SNC.MetricProcessorScript was only in a git repository I could fork/branch and offer back.

-Troy

Chuck Tomasi · ‎11-14-2016

At this point, there is no plans to back port the functionality (unless it's something seriously broken.)