Issue
Overview
This article describes the credential exchange, or handshake, between the ServiceNow Cloud Management Platform API and Azure Cloud.
Description
- During an API call to discover resources in Azure, the API DSL is populated with the credential id and this is sent to the probe.
- The probe APIProxyProbe is what runs in the ECC queue when we discover any resources in CMP.
- This probe has a method called getCredentialsById(credential) which uses a factory method to get the Credential details back to the probe.
- The probe then uses the Camel context to send the credentials as part of the request header to endpoints.
- This header is provided to the script that is defined in the CAPI method mapper which uses rest API calls to discover the resources.
- To understand which script includes are mapped to a particular discovery, check the CAPI method mappers. For example:
http://<instance-name>/sn_capi_method_mapper.do?sys_id=2686aa710b2322003969a387b6673a6b&sysparm_view=&sysparm_record_target=sn_capi_method_mapper&sysparm_record_row=25&sysparm_record_list=cloud_api%3D30866e310b2322003969a387b6673ae1%5EORDERBYcapi_interface_operation&sysparm_record_rows=37
- This is the method mapper that describes ListNodes operation.
- The MID script include "azure-compute-1.0-ListNodes" runs and discovers the VM in Azure.
- Camel context is an interface used to represent the context used to configure routes and the policies to use during message exchanges between endpoints.
- The Java classes that ServiceNow uses here are CAPIOrchestratorServiceImpl and APIProxyProbe.
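The flow in the list above, modelled as an added example (not ServiceNow code): the queued payload carries only the credential id, and the probe resolves it and attaches the details as a message header. The store contents, the header name and every function here are assumptions for illustration; getCredentialsById is a stand-in named after the probe method mentioned above.

```javascript
// Constructed sample store standing in for the MID-side credential source.
const credentialStore = new Map([
  ["cred-0001", { type: "azure_service_principal",
                  clientId: "sample-client", secret: "sample-secret-value" }],
]);

// Stand-in factory: resolve a credential id to its details; fail closed on unknown ids.
function getCredentialsById(credentialId) {
  const cred = credentialStore.get(credentialId);
  if (!cred) throw new Error(`unknown credential id: ${credentialId}`);
  return { ...cred }; // copy, so callers cannot mutate the store
}

// Instance side: the payload queued for the probe references the credential by id only.
function buildProbePayload(operation, credentialId) {
  return JSON.stringify({ operation, credentialId });
}

// Probe side: resolve the id, then attach the details as a message header
// for the script mapped to the operation (header name is hypothetical).
function runProbe(payloadJson) {
  const { operation, credentialId } = JSON.parse(payloadJson);
  return { operation, headers: { "x-credential": getCredentialsById(credentialId) } };
}

// Logging view of a request: header values are replaced before serialising.
function redactForLog(request) {
  const headers = {};
  for (const name of Object.keys(request.headers)) headers[name] = "[REDACTED]";
  return JSON.stringify({ ...request, headers });
}

// Check: does a queued payload contain any secret held in the store?
function payloadLeaksSecret(payloadJson) {
  for (const cred of credentialStore.values()) {
    if (payloadJson.includes(cred.secret)) return true;
  }
  return false;
}

const payload = buildProbePayload("ListNodes", "cred-0001");
console.log(payload, "leaks secret:", payloadLeaksSecret(payload));
console.log(redactForLog(runProbe(payload)));
```
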
capiSvrScript.findMatchingMid()
- capiSvrScript.findMatchingMid() is a java scripted API which is responsible for verifying the active MID with Cloud capabilities.
- In this method, we get all matching MIDs based on capabilities and target (IP range), then we get the active MID, again based on capabilities, target, and other parameters.
- After that, we call the override MID. This script is hard coded; we do not expect it to be changed.
Additional Information
- Once the discovery executes, the UI action "Get Subscriptions" performs the authorization, which is either successful or unsuccessful. If the authorization fails, it throws an error here.
https://<Instancename>.service-now.com/sys_ui_action.do?sys_id=5c3f4c1e0b1003003503e0d425673a59&sysparm_view=
Product Documentation
- Credential handling between MID and Instance: Getting started with credentials
- Details of encryption between MID Server and Azure: Set up MID Servers to connect Cloud Management to an Azure account
- Details of MID server Security: MID Server security and encryption