This weekend I worked on a way to get ServiceNow to easily talk to an OpsCode Chef Server using the Chef Server REST-based API. The REST API looks innocent enough at first. However, upon further inspection, we found out that the authentication mechanism involves some pretty serious SHA digesting of HTTP headers as well as signing several headers with a private key using the RSA algorithm. After a little research to find out all of the parts that needed to be signed and digested, I developed some instructions and a Script Include library that should kick-start anyone else hoping to do an integration between ServiceNow and Chef.
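The header digesting and signing described above, sketched as a standalone Node.js example (added here; it is not the ChefHelper Script Include from this post). It assumes version 1.0 of the header-signing protocol as described in Chef's API documentation; the function names, the timestamp and the throwaway key pair are constructed for the demo.

```javascript
const crypto = require('crypto');
// SHA-1 digest, Base64-encoded: used for both the path and the body hash.
function sha1Base64(text) {
  return crypto.createHash('sha1').update(text, 'utf8').digest('base64');
}

// Path as it is hashed: no query string, no repeated or trailing slashes.
function canonicalPath(path) {
  const p = path.split('?')[0].replace(/\/+/g, '/');
  return p.length > 1 ? p.replace(/\/$/, '') : p;
}

// The newline-separated string that is signed.
function canonicalRequest(method, path, body, timestamp, userId) {
  return [
    'Method:' + method.toUpperCase(),
    'Hashed Path:' + sha1Base64(canonicalPath(path)),
    'X-Ops-Content-Hash:' + sha1Base64(body),
    'X-Ops-Timestamp:' + timestamp,
    'X-Ops-UserId:' + userId,
  ].join('\n');
}

// Build the authentication headers for one request.
function signedHeaders(privateKey, method, path, body, timestamp, userId) {
  const canonical = canonicalRequest(method, path, body, timestamp, userId);
  // Version 1.0: RSA private-key operation (PKCS#1 v1.5) on the string itself.
  const signature = crypto.privateEncrypt(
    { key: privateKey, padding: crypto.constants.RSA_PKCS1_PADDING },
    Buffer.from(canonical, 'utf8')
  ).toString('base64');
  const headers = {
    'X-Ops-Sign': 'version=1.0',
    'X-Ops-UserId': userId,
    'X-Ops-Timestamp': timestamp,
    'X-Ops-Content-Hash': sha1Base64(body),
  };
  // The Base64 signature is split into numbered headers of up to 60 characters.
  signature.match(/.{1,60}/g).forEach((chunk, i) => {
    headers['X-Ops-Authorization-' + (i + 1)] = chunk;
  });
  return headers;
}

// Constructed demo input: throwaway key pair, placeholder client name and time.
const demoKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoHeaders = signedHeaders(demoKeys.privateKey, 'GET', '/clients', '',
  '2015-05-15T02:48:00Z', 'YOUR_CLIENT_OR_USER_ID');
console.log(demoHeaders);
```

Because the timestamp and the body hash are part of the signed string, changing either one after signing invalidates the X-Ops-Authorization headers.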
Storing the key in ServiceNow
When you create a client record or user within Chef, it will generate a private and public key for you. In order to use the API, you must save the private key to a file. The private key is in PEM format. For us to use it with my library in ServiceNow, we need to save the file in DER format and attach it to a certificate record.
To convert the PEM private key file to DER format, simply use the following openssl command:
Now we need to store the file in ServiceNow. To do this, we are going to browse to System Definition > Certificates.
Click New.
Set the following values on the record:
Name: ChefPrivateKey
Type: Java Key Store
Please note, while we are creating a Key Store record, we are in fact storing a key instead, but ServiceNow doesn’t differentiate at this point, so there is no harm done.
Now attach your DER key file to this record by clicking on the attachment icon and uploading the file.
Right-click on the title bar of the Certificate record and click Save.
Now get the sys_id of this certificate record by clicking on the title bar of the record and clicking Copy sys_id.
Copy the sys_id.
Now, create a system property named: com.snc.integration.chef.privateKeySysId
Paste the sys_id you copied earlier into the value field of your system property that you created.
Set up Server and Client Properties
The library will call a couple of other system properties when it makes its web service calls. For this to work, you will need to create the following properties:
Server URL
Name: com.snc.integration.chef.server
Value: YOUR_SERVER_URL
Don’t put a trailing slash on the Server URL.
Client Name
Name: com.snc.integration.chef.clientName
Value: YOUR_CLIENT_OR_USER_ID
This client name or user id must match the private key that we stored in the instance.
Install the Script Include
Browse to System Definition > Script Includes
Click New
Set the Name to be “ChefHelper”.
Then copy and paste the following script into the Script field:
Using the script
With this library, you should not have to build the REST Message record for the API. The library should automatically detect whether the REST Message record is set up. If it is not, it will create it for you and leverage it automatically.
To use this library, simply tailor the following example to your needs:
//
// Get a list of Clients on the Chef Server
//
var c = new ChefHelper();
var endpoint = "/clients";
var body = "";
// Send the signed request and log the response
var res = c.sendRESTRequest("GET", endpoint, body);
gs.log(res);
John is the Co-Founder of Yansa Labs (www.YansaLabs.com). John founded Yansa Labs as a company dedicated to building innovative solutions on the ServiceNow platform. He is a major contributor to the ServiceNow ecosystem. John served as the platform and integration architect at the company for several years.
I am trying to integrate Chef with ServiceNow. I am trying to convert the admin.pem file to admin.der using the command you mentioned in this post, but it's giving an error that it can't open the admin.der file. Please help me.
vandna
on May 15, 2015 at 2:48 am
Hi John,
Regarding the last comment, the error that we previously got is now resolved.
But we are getting an error in the Script Include that you provided.
Error:Security restricted: Attempted access to restricted class name java.security.KeyFactory
Evaluator: java.lang.SecurityException: Illegal attempt to access class ‘java.security.KeyFactory’ via script
Caused by error in Script Include: ‘ChefHelper’ at line 260
Please help…