vRA8 with ServiceNow External Approvals
Let's use ServiceNow with vRealize Automation 8 as an external approval system.
Table of Contents
History
vRA7 approval system supports easy integration with external systems via event subscriptions. Event messages are created when approvals required and workflow subscriptions provide integration with external systems, such as ServiceNow or other service management platforms.
Based on the workflow output requests are approved / rejected.
vRA8 approval system
Limitations
vRA8 (up to 8.3) does not support approvals via EBS, only vRA users can approve. Event broker subscriptions can be used to start a vRO workflow right after the requests submitted but potentially long-running workflows do not give any feedback to the user why the deployment takes so long.
Workaround
To provide a better user experience we'll reuse the current approval policies. The idea is to set a service user as the approver, and approve the vRA request via REST API. We need a background process to wait for the external approval to happen and once the decision is made this process can let the vRA request go. This background process will be running on vRO as a scheduled workflow.
We'll run this external system polling workflow recurrently. This helps to avoid long-running workflows: we check if the external approval has happened and go back sleeping if it has not.
Sequence
The following diagram shows the steps in case of a deployment request.
Policy
Let's create an approval policy in Service Broker for Deployment Create action. Approver is a service user:
ServiceNow
You can register a developer ServiceNow instance at https://developer.servicenow.com/ if needed.
We need a catalog item that is not auto-approving. Ordering the catalog item results in a request that we'll wait to be approved. We will use a default demo catalog item for testing purposes: VM Provisioning
Also a service user must be created for REST API. This user needs access to the chosen catalog item.
vRO
We need two REST endpoints. ServiceNow API uses Basic authentication, so we create a REST host providing the credentials as well:
For vRA REST API we use the Orchestrator Plug-in for vRealize Automation:
Workflows
Now import the integration package com.servicenow.approval that will provide the workflows:
| Workflow Name | Function |
|---|---|
| Request Approval | Open ServiceNow request and schedule polling workflow |
| Catalog - VM Provisioning | Request the catalog item (subflow) |
| Poll SNOW and Approve vRA | The scheduled workflow checking ServiceNow and approving in vRA |
| Check Approval Status | Fetches the approval status of the request opened (subflow) |
Download
Workflows and package can be downloaded: https://github.com/kuklis/vra8-servicenow-approval
vRA
Event Broker Subscription
Now we create the EBS that'll trigger the workflow Request Approval. Event topic is Deployment Requested:
Event is fired before deployment is provisioned for both cloud template and catalog requests
We filter the event by type to ensure only deployment create will trigger it:
event.data.eventType == "CREATE_DEPLOYMENT"
Test Catalog Request
Let's try the solution out in Service Broker. After submitting the request, we can see an approval is needed:
Request is opened and pending for approval:
Once it is approved, the deployment completes:
In case ServiceNow request is rejected, vRA deployment is also rejected:
