Create service connection for ServiceNow in Azure Pipelines

ServiceNow is a software-as-a-service (SaaS) provider of IT service management (ITSM) software, including change management. Specific change management subprocesses include change risk assessment, change schedule, change approvals and oversight. With change management, your organization can reduce the risks associated with change, while speeding up the deployments with Azure Pipelines.

This extension enables the integration of ServiceNow Change Management with Azure Pipelines.

It includes

A release gate to hold the pipeline until the change management process signals implementation for a change request. You can create a new change request for every deployment or use an existing change request.

An agentless task to update a change request during the deployment process. It is typically used as the last task in the stage.

The deployment process in Azure Pipelines helps automate the deployment and complement the controls offered by ServiceNow. For more info Servicenow Training

Install Azure Pipelines app on ServiceNow

Integration requires the Azure pipeline's application to be installed on the ServiceNow instance.

Create users and accounts in ServiceNow

For the two services to communicate, a service/user account in ServiceNow must be granted the x_mioms_azpipeline.pipelinesExecution role. Create or edit a user in ServiceNow for this purpose.

In case you wish to use OAuth for communication between services, Azure DevOps should be registered in ServiceNow as an OAuth app.

Create service connection for ServiceNow in Azure Pipelines

Service connection in Azure DevOps store the connection details for external services. The connection details are securely passed to tasks and gates during execution, enabling communication with the services. ServiceNow service connection supports two authentication types - Basic authentication and OAuth2.

You must have a compatible Azure Pipelines application installed on the ServiceNow instance. It is recommended to use the latest version application and gate/task.

Basic authentication

This needs a service account (user) to be created in ServiceNow. Provide username and password for the service account configured for basic auth.

OAuth2 authentication

In addition to granting a role to a user in ServiceNow, Azure DevOps should be registered in ServiceNow as an OAuth app.

Register your OAuth configuration in Azure DevOps Services

Sign in to Azure DevOps Services.

Add OAuth configuration from Organization settings>Oauth configurations

Gate can be configured to create a new change request for every run of the pipeline or use an existing request. Inputs provided in the gate are used as properties for the new change request in ServiceNow, if applicable.

Inputs for Gate:

ServiceNow connection: Connection to the ServiceNow instance used for change management.

Action: Gate on status of a new change request or an existing change request.

Change type: Type of the change request.

Standard change template: Change the template name for the change request.

Short description: A summary of the change.

Change query criteria: Criteria for querying change requests. Must uniquely identify the change request. The gate would fail if multiple matching change requests are found.

Query string/Change request number: Change request to use.

Additional properties can be set in the created change request using the following inputs. Note: Available inputs change based on the selected change type.

Description: A detailed description of the change.

Category: The category of the change eg. Hardware, Network, Software.

Priority: Priority of the change.

Risk: The risk level for the change.

Impact: The effect that the change has on business.

Configuration Item: Configuration item (CI) that the change applies to.

Assignment group: The group that the change is assigned to.

Schedule of change request: Schedule of the change as honored by the ServiceNow workflow. Date and time should be in UTC and format should be yyyy-MM-ddTHH:mm:ssZ. eg. 2018-01-31T07:56:59Z.

Additional change request parameters: Additional properties of the change request to set. Name must be field name (not label) prefixed with 'u_' eg. u_backout_plan. The value must be a valid, accepted value in ServiceNow. Invalid entries are ignored. Get more info from Servicenow Certification

Gate Success Criteria :

Desired state of a change request: The gate would succeed and the pipeline continues when the change request status is the same as the provided value.

Advanced: Specifies an expression that controls when this gate should succeed. The change request is captured as root['result'] in the response from ServiceNow. Example - and(eq(root['result'].state, 'New'),eq(root['result'].risk, 'Low')).

Gate Output Variables : ServiceNow gate produces output variables. You must specify reference name to be able to use these output variables in the deployment workflow. Gate variables can be accessed by using "PREDEPLOYGATE" as a prefix in an agentless job in the workflow. For eg. when the reference name is set to 'gate1', then the change number can be obtained as $(PREDEPLOYGATE.gate1.CHANGE_REQUEST_NUMBER).

CHANGE_REQUEST_NUMBER : Number of the change request.

CHANGE_SYSTEM_ID : Sys Id of the change request.

Add a task to update the change request

Inputs for Update change request task:

ServiceNow connection: Connection to the ServiceNow instance used for change management.

Change request number: Number of the change request to update.

Update status: Select this option to update the status of the change request.

Updated status of a change request: Status to set for the change request. This input is available if Update status is selected.

Close code and notes: Closure information for the change request.

Work notes: Work notes for the change request.

Additional change request parameters: Additional properties of the change request to set.

How to register Azure DevOps in ServiceNow as an OAuth App

If you plan to use OAuth to connect to your ServiceNow instance from Azure DevOps account, you first need to register the Azure DevOps as an OAuth app in ServiceNow.

Navigate to System OAuth > Application Registry and then click New.

On the interceptor page, click Create an OAuth API endpoint for external clients and then fill in the form. For the Redirect URL, use the following pattern to construct the URL. {Azure DevOps Services Organization URL}/_admin/oauth2/callback.

Click Submit.

Upon submission, you will see a page that provides the Client ID and Client secret for your registered OAuth application.

Debugging advanced success criteria expression specified in the gate

Run a release pipeline that has ServiceNow gate configured in debug mode.

View gate logs and look for expression parsing results. You will see why expression evaluation failed.

As expression evaluation is based on response to Get change request API call to ServiceNow instance. Check ServiceNow response and confirms if the properties returned in API response match to the one used in the expression.

Steps to add a mapping for custom fields in Import set transform map :

Adding custom fields in the import set table: Log in to your ServiceNow instance and open link : https://<Instance-name>.service-now.com/v_ws_editor.do?sysparm_query=name=x_mioms_azpipeline_change_request_import

Select 'Copy fields from the target table'

Select Target table 'Change Request [change_request] from dropdown.

Click on 'Update'

To get in-depth knowledge, enroll for a live free demo on Servicenow Online Training