This article will demonstrate about the Credential exchange or handshake between the ServiceNow Cloud Management Platform API and Azure Cloud.
- During an API call to discover resources in Azure, the API DSL is populated with the credential id and this is sent to the probe.
- The probe APIProxyProbe is what runs in the ECC queue when we discover any resources in CMP.
- This probe has a method called getCredentialsById(credential) which uses a factory method to get the Credential details back to the probe.
- The probe then uses camel context to send the credentials as part of the request header to endpoints.
- This header is provided to the script that is defined in the CAPI method mapper which uses rest API calls to discover the resources.
- Understand which script includes are mapped to a particular discovery please check the CAPI method mappers. For eg :
- This is the method mapper that describes ListNodes operation.
- The Mid Script includes "azure-compute-1.0-ListNodes" runs and discovers the VM in Azure.
- Camel context is an interface used to represent the context used to configure routes and the policies to use during message exchanges between endpoints.
- These are the Java class that ServiceNow using CAPIOrchestratorServiceImpl & APIProxyProbe
- capiSvrScript.findMatchingMid() is a java scripted API which is responsible to verify the Active MID with Cloud capabilities.
- In this method, we get all matching mids based on capabilities and target(IP Range) then we get active mid, again, based on capabilities, target, and other parameters.
- After that, we call the override mid and this script is had coded, we do not expect this to be changed.
- Once the discovery executes the UI action "Get Subscriptions" would perform successful or unsuccessful authorization if the authorization fails it would throw an error here.
- Credential handling between MID and Instance: Getting started with credentials
- Details of encryption between MID Server and Azure: Set up MID Servers to connect Cloud Management to an Azure account
- Details of MID server Security: MID Server security and encryption