Bridging Data Certification Results into CMDB Dashboard

troyp · ‎11-10-2016

We've been wrestling with options, too many options.

We have teams that want/need the detailed workflow and checkboxes from Data Certification, but we also realize that there are newer and better ways ahead. Desired State, GRC, CMDB Dashboard, etc.

So I'd like feedback on the approach we are taking. I started looking for a bridge that could take the results of our Data Certification work and leverage that with the Compliance capabilities in the CMDB Dashboard.

What I've ended up with is a Script Include that does most of the work. (included below) The process at a high-level is like this:

Set up Data Certification Filters, Schedules, and Instances. Use the workflow here to manually certify individual fields.
Create a Scripted Audit that uses the same filter from Data Certification. The script has a single line:
```
new DataCertAudit();
```

Now when the Compliance audit runs, it will use the same filter to find the affected CIs, then check for the certification elements associated with the most recent certification task. For the audit to pass there must be certification elements found and they must all have the state of 'Certified'.

We are still testing, but here's the ScriptInclude as it stands and appears to be working. Time will tell.

Any thoughts or suggestions would be greatly appreciated.

-Troy

use at your own risk - no warranty expressed nor implied.

/*
* DataCertAudit
*   Utility to help connect Data Certification results into
*   the desired state audit/compliance capabilities.
*
* Troy Pesola - troy.pesola@capgemini.com
*
* Create Scripted Audits for each filter defined and used in
* Data Certification.   Then use the following code in the
* script for the audit.
*---
*   new DataCertAudit();
*---
* It will only pass the audit if certification elements are found
* and the state of the element is not 'Certified'.
*/
var DataCertAudit = Class.create();
DataCertAudit.prototype = {
       initialize: function() {
           /* perform the audit for this filter */
           // API call to retrieve records based on the filter
           var gr = new SNC.CertificationProcessing().getFilterRecords(current.filter);
           // Loop over all records defined by the filter
           while(gr.next()) {
               // get the Sys ID of the audited record
               var sysId = gr.getValue('sys_id');
               // we need two Cert Element records
               var grCET = new GlideRecord('cert_element');
               var grCE = new GlideRecord('cert_element');
               // find the most recent Certification Task record
               grCET.addQuery('configuration_item',sysId);
               grCET.addNotNullQuery('cert_task');
               grCET.setLimit(1);
               grCET.orderByDesc('cert_task.sys_created_on');
               grCET.query();
               if (grCET.next()) {
                   // find all of the associated certification element records
                   grCE.addQuery('configuration_item',sysId);
                   grCE.addQuery('cert_task',''+grCET.cert_task);
                   grCE.query();
               }
               if (grCE.hasNext()) {
                   var cert = true;
                   while (grCE.next()) {
                       // check the audit details and log any failures
                       if (grCE.state!='Certified') {
                           // mark the CI as not certified
                           cert = false;
                           // log the failed Data Certification element
                           new SNC.CertificationProcessing().logAuditResultFail(
                               current.sys_id, sysId, null, grCE.element,
                               'Data Certification state is ' + grCE.state, '', '', true);
                       }
                   }
                   if (cert) {
                       // log the successful audit of Data Certification
                       new SNC.CertificationProcessing().logAuditResultPass(
                           current.sys_id, sysId, true);
                   }
               } else {
                   // no certification elements found
                   //       log and fail this audit.
                   new SNC.CertificationProcessing().logAuditResultFail(
                       current.sys_id, sysId, null, '',
                       'Missing Data Certifications', '', '', true);
               }
           }
       },
       type: 'DataCertAudit'
};

troyp · ‎11-14-2016

The Helsinki Docs do say ...

AuditCompares actual values of specified fields, against expected values defined in a template or in a script. For more information see Create an audit. Create a compliance-type audit, for which the results are calculated into the compliance CMDB health metric.

CMDB health metrics

So what's broken is that I'm following the documentation, creating an audit (scripted audit) and the results are not calculated into the compliance CMDB health metric.

Would that be considered "seriously broken"?

At the very least the documentation should be updated to accurately state which audit types are included in the compliance CMDB health metric.

That topic aside ...

What if I change how I'm writing to the audit results table and force the audit type to be "metric", so it is included in the results? Seems very crude, but if that's the only audit type being included in the calculation, it might work. I'll have to do some digging.

kannann_ · ‎11-30-2016

Hey,

I managed to write a script to populate data into CMDB Health Scorecard table, but for some reason the Compliance widget on the CMDB Dashboard is not reflecting the scores from the CMDB Health Scorecard table.

I have attached my script