The on Resource operation trigger fires during the Orchestration process when a user performs a Start, Stop, or Deprovision life cycle operation on a specific resource. A policy that is triggered by the on Resource operation trigger can override a user-requested attribute value, run a script, call a Cloud API, or perform an IP address management operation.

Before you begin

Procedure

  1. In the Cloud Admin Portal, navigate to Govern > Policies.
  2. Open a cloud policy and set the policy to the Draft state if needed.
  3. Open the rule that should perform the action and then click New on the Policy Rule Actions related list.
  4. On the popup, click Create for the type of action to perform, enter a unique and meaningful Action Name, and then fill in the form for the action.
    Create Action popup
    Table 1. Settings for the 'Property Override' action
    Field Description
    Property Specify the name of the property (attribute) on the user request form to override.
    Value
    Enter a value that overrides the value in the Property field. You can override text values only. You can specify a static value, an expression, or both. The example action, named SetTheCostCenter, specifies the value Marketing for the CostCenter property.
    Figure 1. Configure a Property Override action
    Configure a Property Override action
    Note:

    When both a policy rule and a form rule overwrite a value, the value in the form rule is used.

    Expressions can perform the following actions (see Using expressions in Cloud Provisioning and Governance for details):
    • Set form data values using definition expressions. For example: ${parameter.formData.CatalogAttributeType}
    • Assign user data values using definition expressions. For example: ${parameter.userData.userId}

      For example, the following value can set the stack name to Stack_Bob.Smith@company.com: Stack_${parameter.userData.userId}

    • Set stack or table values using runtime expressions.

      For example: $(ci.sn_cmp_ip_pool[subnet=${parameter.formData.Subnet Id}]) takes the subnet from the IP Pools table.

    • Associate a random number with a field using static expressions. Use: ${randomNumber}
    Is Script Based Select the check box to display the Script text box and then specify the script.

    You can use the following example script snippet to override a stack name. The function( formData) section of the script modifies the values for fields on the form. MyStack is the stack name in this example.

    customScript : function( formData){
               // Manipulation of form parameter is only supported here. 
               // Change in any other attributes will be ignored
               // data available for manipulation are
               // Form Data - Ex. StackName can be accessed 
               // through formData.StackName
               // formData.StackName = "MyStack";
               // User Data - Ex. User Id can be accessed 
               // through this.parameters.userData
               // if(this.parameter.userData.userId == 'servicenowuserId')
                  formData.StackName = "MyStack";
                  return formData;
                },
    Table 2. Settings for the 'Execute a Script' action
    Field Description
    Action Script Category Select a category.
    Action Script Name Specify a unique and meaningful name for the script.
    Action Script Create the script in the text box.

    See Create a policy action script for details.

    If you select the Call Cloud API action type and save the record, the Policy Rule Action Attributes related list is populated with the attributes to pass to the provider. If you are integrating with Infoblox, you must configure the DNSSuffix field. When you create a host, for example, the value in the DNSSuffix field appears in Infoblox for the newly created virtual machine.

    Table 3. Settings for the 'Call Cloud API' action
    FieldDescription
    Action Name Enter a descriptive name for the action. In subsequent policy actions for the same policy, you can reference this name in a Value field. It refers to the JSON payload that is received from the cloud provider after an API call. For example, to reference an allocated IP address that was returned by the action that is named RefAction, you can use the following expression in the Value field of another policy action: $(parameter.RefAction.Allocated_IP}.
    Provider Enter the cloud provider from the API library.
    Version Enter the version from the API library.
    Interface Select a CAPI interface. For Infoblox, select IPAM interface.
    Operation Select a CAPI interface operation to perform. For Infoblox, select CreateHostRecord or DeleteHostRecord.
    Credentials Enter the sys_ID of the necessary credentials.
    You can also use an expression like: 
    $(ci.sn_cmp_infoblox_server[$(ci.sn_cmp_ip_pool[subnet=${parameter.formData.SubnetId}].provider_instance)].infoblox_server_credential)
    Endpoint URL Enter the endpoint URL of the connector from the API library. For Infoblox, it is the IP address of the Infoblox server.
    Table 4. Settings for the 'IP Address Management' action
    Field Description
    IPAM Method Name Select the IPAM Method Name. For Infoblox, select one of the following options:
    • Release IP Address: Release an IP address from Infoblox when a machine is deprovisioned.
    • Register IP Address: Register a new virtual machine to Infoblox. This option is used by AWS and Azure clouds.
    • Reserve IP Address: Reserve a new IP address. This option is used by a vSphere cloud.

    See Register IP addresses for AWS and Azure virtual machines in Infoblox, Reserve IP addresses for VMware vSphere virtual machines in InfoBlox, and IPAM integration.