let's kick it off nice welcome everybody to beers with Engineers session 26 I am particularly excited about this session we'll talk more about that later um thanks for joining us uh for as what we will and I always talk about our favorite day of the month um so we always got to start off with the Safe Harbor slide um because we here on beers with Engineers a lot of time talk about products that are either in development under Development coming out soon soon to be released that kind of thing so um please make sure that you only make buying decisions based on actually released products and not anything that we talk about because there are times where things that we say may not necessarily come out in the final GA product so that being said why are we here right this is the kind of General agenda that we'll roll through and we're um very cas ual as always so don't hesitate to come off mute jump in with questions comments anything like that um the intention of this really was will and I um decided that we needed a place to bring together the service now community that is also utilizing Cloud native capabilities and have a place for them to understand learn share ideas and and build a community around it and for us to also get a chance to geek out a little bit so um that that's that's why we built this and that's why we do this every month um so who are we uh my name is Mike gagher uh and as of uh this month I am back at service now um as an iton pre-sale specialist here um very very excited to be back at the mothership um I very much loved my time at drw but I just didn't realize how much I would miss doing this every day so here I am again um I have been in technology for 25 plus years um I always tell everybody I have an invisible propeller um and I uh I just love solving business problems with technology um intelligently and efficiently so um I on a side note I train Brazilian jiu-jitsu as much as I possibly can I hang out with my family and I play a tunnel board games and video games as well and I am not drinking beer today um I'm going to be sticking with water um to try and uh get things back under control for my training so um I I will do my best to have beer for next month will over to you thanks Mike uh Hey everybody will hallum H advisory itom architect um worked in technology for uh quite a few years years at this point um really focusing these days on it operations management type stuff uh really digging into automation especially in you know various Cloud native environments just love to find repetitive tasks and find a way to automate them so that people can spend time on the more the more meaningful Pursuits um in my spare time uh also just love hanging with my family uh do play some pickup hockey here and there and and I enjoy playing video games okay so today's Tech Deep dive is going to be into cloud services catalog uh so I'll just kind of have a few slides up to kind of level set and then really spend most of our time as we generally do in the platform showing you a few use cases that I've uh gone through used uh using the tool so cloud services catalog it's part of the overall Cloud accelerate umbrella if you think of itom uh oftentimes you'll think in terms of okay I've got visibility components and I've got my health components and AI op stuff um there's a another group of functionalities called Cloud accelerate and cloud services catalog fits in there I'll kind of show a graphic on that in a couple minutes just to give you a little bit of a kind of a top down view of that it uh those of you been working in the platform for a while you may be uh kind of familiar with uh uh the cloud provisioning and governance Suite this is a replacement for that it's a a direct descendant of that tool there's a lot of that same code under the covers uh cloud services catalog really focuses in on um enhancing usability and also speeding up that time to Value predominantly by providing some examples in terms of cloud catalog items that you can use to kind of jump start your integration of your cloud provisioning and day2 operations into the service now platform one of the challenges I I found um when when CBG came out I was a customer and it was difficult to figure out where to start because I had all these great capabilities but in terms of building a catalog item that tied back into my public Cloud uh it was left as a you know an exercise to the user to start from scratch and build that from the ground up and so now cloud services catalog does uh does away with that requirement by giving you examples that you can use as a jumping off point uh it so per that it includes various templates uh they're written in terraform which can be used to uh and a guided setup process which let you kind of install that stuff pretty quickly and then start using it to provision some stuff in your environment and then from there you know figuring out what needs to be tweaked or adjusted to fit your particular requirements um per the capabilities that cpg had cloud services catalog still wraps up those Cloud resources into constructs called stacks and it wraps those Stacks in some outof thebox uh scheduling and Lease Logic the scheduling logic is so if you're provisioning something that could be turned on and off like a server it's just got a built-in capability where you can apply an onoff schedule to that uh server or that VM running in the cloud so if you only want it running during business hours the platform will just take care of that for you and similarly the lease logic allows you to put a lifespan on that set of cloud resources and it will just by default let you know when the due date that's established has been reached and then Seven Days Later by default it will deprovision those resources uh there's all kinds of logic under the cover so if it's production it won't actually decommission anything automatically um it provides a very streamlined way to um uh extend extend the lease for the stack owner um making kind of making the end user experience a little uh as kind of smooth as possible while um being mindful of your your Cloud spend and being responsible in using that uh using those Cloud resources and then you can also kind of ad hoc take advantage of things like start stop by um clicking down into that stack resource and saying Hey I want to shut this down for the moment and it's extensible so you can augment those out of the box two-day day two operation Primitives with things on your own that are kind of done repetitively by a person oh um when I did my intro I I neglected to um call out the beverage I will be enjoying which is a Lake Placid Brewing ubu ale from uh Lake Placid Brewing here in New York state isn't there a horror movie named Lake Placid now I gotta go back yeah something to do with large uh like gigantic mutant uh crocodiles or alligators yeah yeah good good call out that's that's a that's a deep cut uh where in the in the product where in our kind of entitlement scheme does cloud services catalog live either under the itom aiops Enterprise V2 overall um skew or if you have at least iton visibility because Cloud Discovery is kind of a prerequisite for a lot of the functionality within cloud services catalog you can um do an alart addition of cloud accelerate and so this slide just captures what falls under that overall Cloud accelerate so in addition to this cloud services catalog piece which is what we're drilling into today you've got Cloud migration assessment which is meant to help facilitating like lifts and shifts from physical data centers into cloud data centers uh the upcoming currently available in Innovation lab Cloud account management which we actually did a session on that a few months back uh which is essentially it's kind of like picture service catalog that lets you provision actual Cloud accounts not just things within Cloud accounts but the cloud account itself and so again that's currently an innovation lab um eventual release is still TBD uh plenty of time to check it out and uh provide feedback to the product team on that uh so we've got cloud services catalog kind of in the middle there and then we've got Cloud configuration governance which is what allows you to establish policies within the platform that are kind of agnostic or Cloud Universal and then can then be used to evaluate your Cloud resources for compliance with various standards and Cloud action Library which essentially gives you uh bunch of pre-baked flow designer actions which can be used to perform Cloud perform automation against various Cloud resources so how do you make use of cloud services catalog uh you've got a bunch of options I mentioned there's a um there's a curated guided setup which will take you from like zero to cloud provisioning in about 30 minutes provided you've got the pieces required like a terraform server in place and the appropriate credentials but what it does is it will deploy a set of example terraform templates to a Target system and then provide you with a bunch of predefined catalog items which you can readily kind of turn on and start using to get a sense as to you know how the tool works and how you can fit it into your environment another option is you can onboard existing Cloud templates so that would be things like cloud formation templates um Azure resource manager templates terraform uh you can discover existing Azure devops pipelines and wrap those with catalog items to kick off a pipeline which will do cloud provisioning or or management and you also still have the ability to create things completely from scratch that experience is very comparable to what we had with the um with the previous uh cpg it a the main difference that I saw as a user is cpg had this layer called a blueprint which was um the ability to kind of collect objects together in a conceptual form and in a cloud agnostic fashion um we found that that generally the level of complexity and Nuance there tended to be a bit of a point of friction and so now now we've kind of bypassed the blueprint layer except is it's basically a pass through so it's really very just heavily driven by these various template formats which we support now so a few things to note few things I ran into working with cloud services catalog that I just wanted to share to hopefully uh further kind of streamline other people's experience there are still a lot of moving Parts it's it makes use of the cpg codebase in a big way um so kind of strategically you would definitely want to take advantage of the copious training and documentation that's out there for cpg there's actually there's a cpg um certified implementer uh track on now learning that is still something that I highly encourage anybody who's going to really kind of go deep into um you know provisioning and managing cloud services via the platform Avail themselves of but because of the enhancements with um the kind of prepackaged content that you can bring into your environment and immediately start to to leverage I would say they should be kind of parallel tracks uh folks shouldn't feel like until they're like certified implementation specialist they shouldn't start looking at cloud services catalog uh it's really just more of a do that kind of stuff in parallel so that strategically when you get to the point where you really want to get in get your hands dirty and do a lot of customization that you've got that training under your belt uh add metadata to existing templates so I I'll be showing examples of that when we walk through the use cases but the um the various template formats support the ability to kind of populate metadata that the native facility like cloud formation or arm or terraform um ignores it's just kind of a pass through which the platform can read through and apply uh filtering logic to the template when it turns it into a catalog item so an example of that if you're in AWS you generally need to select a subnet for your server to go on and the subnet selections are going to be determined by which VPC which virtual private cloud you are provisioning to and so CSC provides the ability to put metadata in the template directly so when it ingests that template into the platform you can tell it hey filter the subnets so it's only the ones that are available in that selected VPC there is an API there's a a full rest API you can use to invoke a cloud services catalog order check status on the order check status on any of the Cloud resources that you provision via CSC and I'll be showing an example of that when I um walk through the cicd pipeline uh use case uh looking through the documentation I was as I was walking through kind of my uh the start of my journey with CSC I I did notice that the conversion of the documentation from CSC over from cpg into CSC is still in progress so certain topics within the documentation we still be talking about cpg uh and at the end of the deck which we'll share out to everybody who's uh attended today I included the kind of the top level links to CSC and cpg because depending on which functionality you need to look up in the documentation there still is some of that stuff is is in the cpg section scope is important so um I noticed that walking through some of the process for or ingesting a new or updated um cloud formation template for example um it was very dependent on me being in the right in the same scope as the catalog item so um if you've you know worked in the platform uh any amount you you've probably run into the little message you get at the top where it says you're in this scope This Record is in this scope click here to edit just doing that does doesn't work with um if you're trying to pull in an updated template into your catalog item and it took me a little trial and error to to figure that out so I just wanted to share that because I um I was trying to bring in a new template and the new button just wasn't showing up even though I had click the uh click here to edit the record um uh related link and all I had to do was just change you know actually change my scope reload my page and and there was my new button so wanted to just show share that uh when it comes to integrating with cicd API Explorer I don't think API Explorer gets enough credit is an awesome tool when you want to integrate with the platform because you can literally just simulate um you know simulate your API call and see exactly what the result would be and it also provides you with handy code Snippets down at the bottom for how to script that same API call um and you know I know I always get a little angsty about like Postman because I never really 100% sure where it's sending the data other than the platform um so it's nice to just have API Explorer available on platform a and then a way to preload or kind of generate the correct payload for your integration to feed initially into API Explorer and then into some kind of a script or or pipeline is this table here SN um SN CMP order that is that actually saves a copy of every single Cloud item that you request using CSC and gives you a Json payload in that record of here's exactly what got passed through and that is that was invaluable in creating my sample integration into a cicd pipeline and the last thing just to call out is that out of thebox terraform stuff if your Cloud accounts are locked down um uh our you know service now has various kind of guard rails and standards in place in our various Cloud environments and um so if that's the case you may have to kind of get in there and tweak them a little so that uh for example it's not trying to just provision a server from the publicly available Amazon Linux um server Ami that that kind of stuff that um so just kind of you know don't don't lose heart if you spin this up in your environment and then you're try and provision something you get some kind of an exception the first time around you you may just need to apply um some basic tweaks and I I'll show you what I had to do in my environment so you just kind of have an example it's um I didn't find it to be a massive speed bump and half the the battle was just knowing that that was going to come up so now everybody listening here is aware that that may come up all right now to the demos okay so when you run through the guided setup that is offered with and it's actually in a little bit of a there's there's kind of two guided setups so I should call out the specific one I'm talking about so um kind of managing and administering CSC is largely handled via the cloud admin portal which is a it's it's been around since cpg but this is kind of the primary interface where for example you can view and work with all of your Cloud catalog items and and so you'll notice it includes a guided setup down here and that's still valid but all that does is kind of sets up the main um CSC slcp functionality there's actually a separate kind of Standalone guided setup which is under filter Navigator uh right here CSC guided setup so that's the one that actually gives you kind of the easy button to uh walk through it literally kind of walks you through the process step by step for onboarding some basic content and um being able to activate some outof the-box catalog items to kind of just start getting your feet wet with cloud service catalog and so that's um that's the guided setup that's really kind of the Lynch pin behind kind of getting quick time to Value from CSC and so when you do that you're going to get a bunch of so about 20 20 seven um with today's today's version Cloud catalog items that are just available and then behind the scenes they are all going to be looking at this terraform code so in my test setup I just provisioned a Linux box um installed terraform on it and then as part of the guided setup it says what's the IP address for your Linux box what's the um SSH credential to get to the Linux box and what directory is the terraform code in so in my case it's this directory here and I have all of these terraform templates which are delivered by the basic setup and the basic setup also kind of automatically ingests those into these corresponding Cloud catalog items so the first use case is essentially just picking one of these and activating it so this one was they all come kind of inactive by default so you you just activate it and then it's going to be available from the okay yeah so this is kind of the cloud services user portal and you get to that via um browse Cloud catalog which is also under the cloud services um you know module within filter Navigator and you can see based on the URL it's based on employee service center it's just kind of a you know a sub portal within the ESC and so now if I go to for example AWS and then I want an ec2 instance so here's my catalog item and so basically just to kind of hearken back to that that watch item that I mentioned if I go into the corresponding temp uh terraform template uh oh CC so what I had to do for our environment because we only allow certain Amis to be used was by default they wanted to like search for like most recent um images owned by a certain account um I just kind of bypass that and then in my catalog item I'm just passing the image name you know of our approved image directly so that was kind of the extent of what I had to tweak to get this to um to work if if you've got kind of like a Sandbox Cloud environment that's largely vanilla you're not going to have to deal with this but a lot of Enterprises at this point have fairly mature you know Cloud governance in place and so just want to call that out that that's you know something to be aware of and and so the user experience here this is you know there's plenty of opportunity for further uh automation to be placed kind of on top of this this is just what you get out of the box which has some basic filtering in place but you know there's all kind this is just standard service catalog stuff so if you want you know to select application cost center Business Service based on the user role who's requesting this you can very easily do that via standard um service catalog constructs what cloud service catalog does add is like I mentioned it's got the concept of this metadata so in the case of terraform you actually create this metadata. snc file and so what this does teradata or um sorry ter terraform looks at this and when it sees that it's just uh s snc metadata it just kind of passes it through what the platform does with this is it says okay for this variable I'm going to look at this Cloud resource pool which is a construct that CSC puts in place is basically Cloud resource pools are they're kind of think of them as canned cmdb queries so for example the cloud key pair pool is querying the table in your cmdb that stores all of your SSH keys for your Cloud resources and then we've got some predefined filters and a popular one is get objects by LDC or logical data center so it's going to automatically filter the available SSH keys that are on my request form based on The Logical data center in this case it's an AWS region that I'm selecting and so we've got similar things for the instance type where it's going to basically generate a list based on the instance types that are available in that cloud account that you're um that you're picking in your catalog item uh Network that actually corresponds to the VPC virtual private cloud in AWS and uh subnet and so youve got kind of built-in filtering you can also apply filters once the catalog item is created uh this just provides a way to kind of streamline that and pre-load the catalog item with filters based on the content of your template so just going through my example it wants an environment which would test uh it wants my Amazon image name which I have in my paste buffer here and so as I mentioned Network corresponds to VPC so I've got kind of a filtered list here of here you know basically it's showing me the vpcs that are available in this cloud account and so um as I mentioned this this kind of stuff it's powered by Cloud Discovery so it is a prerequisite to make the most of CSC that you have Cloud Discovery running to pull those those resources into your cmdb so they can be used for filtering um oh somebody's got their hand raised Zach do you have a question sorry that was a misclick oh okay no worries um so there that being said you know as with all things in the platform there's ways to work around you know if you if you've got you don't have everything in your Cloud estate in your cmdb there's ways to address that like I said this is just sitting on top of standard service catalog um kind of the most streamlined way is certainly to maximize your Cloud Discovery and have as much of your Cloud estate in your cdb as possible um but it's not an absolute showstopper if you don't you just would have to kind of populate if you want to have filters in place for certain values you would just have to apply your own logic against whatever um kind of whatever choic list you were going to maintain to allow to you know determine what acceptable values would be for those fields that were being populated in the catalog item so let's see I'm going to pick my SSH key got my VPC selected uh so when I change my VPC updated the list of subnets that were available to choose from and then got a list of instance types based on what instances are available pick something that's not a huge server that costs aund $100 an hour uh so another thing to mention is that there's builtin um there's built in policies with CSC so for example if I picked some huge you know 16 core VM you can configure policies via this uh Cloud admin portal excuse me such that you add additional approvals for example if somebody you know tries to provision some ridiculously large resource that's going to be super expensive okay so I'm not sure if you noticed but just to call out uh nice feature of the UI is it does kind of show you here a summary of variables that have or fields that haven't been haven't been populated which is kind of nice so you don't have to just uh click and click and pre you've got a pretty kind of positive indicator up here if you've got any information outstanding so I'll go ahead and order that and then I'll go over to my list of requested items and see if it needs any approvals I kind of left my approval flows more or less out of the box um so I think I might have yeah so so now this request for provisioning is sitting in an approval waiting for approval State I'll go ahead and improve that and again this is all configurable so and it can be configured based on the selections that are made in the catalog item so that you can have some things that are um just um Auto approved and then other things that require some approval and then other things that are proba require even more okay so I've gone ahead and approved my request and so now see if I'm go back to the kind of the user The requester View and open up that'll kind of give you a running status of what's going on so it says that it's processing the provisioning request right now and there is from an admin perspective there's really good visibility into what's going on Via the cloud admin portal so we've got this Trails um list view available under the operate heading and it's kind of showing you everything that's going on as far as Cloud API calls that are going out from the platform and my request is complete so if it had run you know into any issues then it would generate a task which would a catalog task which would go off to the appropriate fulfillment team for diagnosis and and resolution so now again from my kind of request riew I can drill into that stack and that will show me the stack itself and then the individual components that got provisioned as part of it uh if I could look at the stack full details here you know I can see when the lease end date is and then so you know I mentioned that there's do it keep going back to the Nick sure try reloading browser cache seems to be very interested in that network interface card so again for something that's provisioning a compute resource like a VM we provide some out of the box actions uh start and stop fairly straightforward modify schedule so if I wanted to change this to be operational only during business hours I could do that via the modified schedule operation the modify lease operation that's what I would use if I determine I need the resource a little longer than I originally asked for and again um all that stuff can go through approval uh flows if that's desired completely configurable within the tool and then deprovision if I preemptively want to take those resources away because I'm done with them and I want to be a good corporate citizen that's available as well and so this is kind of the overall view of all of the stacks that are available this is kind of the global view showing Stacks owned by anybody in the platform I can limit that down to see only the stacks that I own and it'll show me their current status and I can drill down into each of them and get back to that individual stack view all right so second second use case is if you've got say you've got um existing templates that are being used kind of in their native form like cloud formation for example to provision infrastructure and you want to just take those and integrate them into the platform so you can apply all of those cool um you know approval the visibility the audit Trail and the point-and-click um you know day day two operations I'll walk through what involved with doing that now so I'll go to my cloud admin portal Cloud catalog items and I'll start by creating a new Cloud catalog item in this case I've got a a cloud formation template which I've been using for years from just like command line interface to spin up servers now I just want to wrap that up into the platform so that it can be more readily accessible and um maintained in a in a more robust way than just sitting in a directory on my on my Linux server and I would guess this is probably going to be a more common use case for a lot of customers right a lot of customers are already kind of down the cloud adoption pathway right and this is much more likely to be oh hey we're going to ingest our existing cfts or something like that into this that would totally not surprise me this was literally what got my feet wet with um wasn't even cpg they called it CMP at the time Cloud management platform I think um and we already had cloudformation templates and just wanted to put a you know a nice kind of ordering user experience in front of it yeah so I'm creating a new C Cloud catalog item and so now I select the kind of template so if I wanted to pull in from something like um Azure devops or terraform that would be a configuration management template then you can select Azure devops or three flavors of terraform uh Enterprise um terraform environment refers to terraform running on Linux or if you've got terraform running on Windows then you'd select that so in my case I've got cloud formation and then I will save the record and it should update kind of the related list down here so once I've said okay this is a this is an item that's going to use a cloud formation template we've got our Cloud templates related list down here oops let me save that because I updated the description and so just a quick note when you've got this stuff stored in something like terraform or Azure devops the tool provides the concept of in infrastructure as code Discovery and so what you do is when you've got Ado or terraform you create what's called a provider which is a record that kind of says here's the IP address for my terraform serers the directory it's in ETC and so you can create a discovery schedule that'll actually go out and it'll read this directory that I'm in right here and so if any of these um terraform templates have changed then what'll happen is it'll pull in the newer version and it'll generate it'll actually generate um under the IAC topic it'll generate change tasks which are basically tasking hey some terraform cone change you've got to review it and see whether you want to pull in those changes into your catalog items or not so it kind of streamlines the process and that that integration point between you you may have a team maintaining your terraform code separate team maintaining your platform and this is some functionality that allows you to kind of close that Gap and alert kind of the the platform side when hey there's some new terraform stuff out there that may need to get pulled into their corresponding catalog items back to my catalog items so I can pull in a template hey Will quick question I was asked one time when we do that um do we do revision history against the pre previous template or we just dropped the previous template and Ed the new one it keeps it um my observation is it keeps two versions it keeps the previous version and then it keeps the current version um so what that looks like is go back up to the main the main I didn't to Sidetrack you sorry about that no man this we're all we're all about interjecting with questions that's what it's all about um yeah so if I look at this one here for example here's here's what it kind of looks like if you've got iterations so what you'll see down here is there'll be a version number on the cloud template and one of them will be in active and one of them will be draft perfect I did not know where to find that perfect I actually many moons ago I used used this to deploy an a an arm template that deployed an AKs cluster and uh it kept a lot of versions of that because it took me a lot of like iterations to try and nail it exactly right because my my arm was only so so at the time yeah but but yeah it'll keep a lot of versions and it'll keep it there and keep it on track and and it's nice that you can you know determine which one's published what's one draft State and you can revert back to previous versions if something goes wrong yeah basically what'll happen is when it when you add a new version it'll it'll flag each variable that it parsed in and then you can pick whether to apply the change to the catalog item or not and then when you're happy with it there's an activate button you click the activate button and it makes that version the active version cool cool thanks so now I'm adding my new Cloud template version um and so you can pick you can either either copy and paste the template into the field here you can upload a file or you can import from a URL uh I will upload the file from my laptop and my file is this guy right here server testbox one. Json and so this is the first version you see it basically it parses all of the variables that are in that template and since there's no version previous excuse me it it automatically sets the decision to use whatever is in the template um and you know it's kind of like immutable because there's no other option this is the first version that I'm pulling in um so it it does kind of integrate the metadata that I've put in there to tell it what um what out of the box filters to apply for some of the fields so that's what's in this data source value column is like if I go to my template uh metadata is under the parameters so I did Define some metadata just to make it kind of easier not have to kind of do it after the fact within within the platform form you can do it in both spots I just chose to add those filters to the template itself before I pulled it in just to kind of um speed up the process a little so since this is the first version it's kind of an no-brainer we'll just activate it and so what it's doing is it's now taking those variables and adding them as a variable set to my catalog item which it's in the process of create which I was in the process of creating okay so now it says my template version is active I go back to my catalog item see I've got version one it's active I want to make it available let's click the activate update it if I go back to my user experience now I've got my second catalog item that I put in there and there we go it's all populated based on the fields that were in my cloud formation template and I've got again I've got kind of my filtering in place so when I select the VPC it's only going to give me security groups that are available in that VPC it's only going to give me subnets that are available in that VPC Etc okay um so the third use case that I thought would be interesting is if I got a cicd pipeline that needs to provision Some Cloud infrastructure before it can actually do its work whatever it is it's it's meant to do and so what I've done there is I've created an example Pipeline with some source code here so I've created a simple git repo just contains three files because doesn't actually do anything other than provision infrastructure because that's the kind of the example um that it's uh that it's meant to illustrate so again going back to that um the the one slide where I went over things to kind of be aware of it was instrumental in putting this together to use the rest API um the the API Explorer within the platform and um and this one table the the um CMP order table so actually have a shortcut for it it's called it's it's uh counterintuitively named Cloud orchestrations the name of the table is SN underbar CMP underbar order so the first step I went through was I just I picked the catalog item that I wanted my P line to order automatically and I ordered one via the standard catalog interface and then I just brought up the corresponding record within this um the CMP order table and right in here it shows me the order form data that was submitted and so from that I just derived this first file in my rep which is just a Json format list of list of resources and these values are just the values to plug into the catalog item that's being requested and so the next thing I did was I went to rest API Explorer pulled up the What's called the CMP catalog API uh submit cloud services request post call and I just constructed an example payload just to kind of provide a test so I put the payload together posted it verify that it actually submitted the order that I expected it to submit and then I just clicked down here and got an example python snippet to make that API call so then I took that code and turned that into my request infrastructure python script and I added logging and like there's stuff over here where it's basically going to pull out the the variables like the instance URL username password and stuff from the pipeline as as uh environment variables and then the secure stuff like credentials since I'm in adws using their code build cicd tool I stored those in Amazon uh Secrets manager so that they would be protected and I actually I captured this I've captured this in a community article um and there's going to be a link to that in the slides so if folks are interested in kind of digging a little deeper and actually looking at the code uh in a more in-depth way that's going to be it is available uh today and and I'll have the link to that in the uh slide deck when we distribute it and so I mean this thing literally took me like 45 minutes to put together using using those tools and as a result when I go to my Pipeline and trigger a build it'll go ahead and make a rest API call into cloud service catalog saying hey I need some infrastructure and so for example if you wanted to have Gates around that like if somebody was requesting infrastructure via CD pipeline that needed review it would tie into those same uh approval flows that you put in place using CSC so the other um the other main thing that I put into the um or the main functionality that I put into my example script is it does have a little Loop so it'll make a a rest API call saying hey I'd like to order this Cloud infrastructure so it just did that and so the response to that is logged here so it sees here's your requested item number and then all the other details and then I put a little Loop in there to wait 30 seconds and then make another API call saying um you know check the status of this Cloud resource request and it'll just keep looping until that resource request sh shows uh com um close complete and if it shows like close incomplete or close skip then the pipeline will fail and go into error you know exception handling or whatever so here's the first iteration of that and it's still in an open state so it's back to the weight Loop waiting another uh 30 seconds where it'll check again um if I look see if I look back here on the kind of the cloud services port page leave that because that was just an example if I go and look at all Stacks because I'm using a service account for the cloud pipeline stuff so I can see that there's a cloud pipeline um stack shows active so if I go back to my builds it should yep so the second iteration of kind of checking status it if it'll stop scrolling on me um it should show the closed complete I can highlight it yeah right there so it's got a close complete so my script exits and then if this was a real cicd pipeline then it would kind of do some work on those resources that had been provisioned this is just an example but that's um that's what it was meant to just show is that you can get the best of both worlds where you're provisioning via cicd pipeline but you've got the same approval flows and policy um guard rails and auditability of funneling it through the platform which is the number one way that most customers are gonna want to consume stuff right um the vast majority of customers that you know when they have development teams right you tell them hey go click around on this thing and order this thing and fill in these fields be like no thanks can I have an API please so um yeah so doing that via the API is definitely going to be your bonus um that's a huge I think that's a huge win for us so nice work looks awesome okay so those are the use cases um like I mentioned this the the API stuff cicd pipeline I did do a community article and the link to that will be available in the slides when we send them out I also included a link to the cpg training um which I definitely recommend at some point but don't consider it a blocker um at this point uh for our standard let's turn off the rec well actually before we wrap and do that uh a couple quick things so one I just wanted to share right the um they just put in the notification about the new discovery admin workspace that's coming out um it's going to be part of the zanadoo um roll out and um it actually has built into it some uh links for helpful documents and and Community articles and uh beers with Engineers is canonized in there as their their to beers as Engineers on specific Health topics in there so U will and I caught that and we're pretty proud and excited about that Kudos Kudos thank you yeah that's pretty cool and we'll there's a community link about installing the new discovery admin workspace I will include a link to that when we send out the slides because it it's definitely even even if it didn't have direct links to beers with Engineers session recordings it's still pretty cool it's a One-Stop shop for the discovery admin to kind of um get to the root of Discovery issues and keep track of how discovery's running and stuff so it's it's a pretty sweet capability but pretty pretty nice that they thought our content was or or the machine learning algorithm or whatever it is that's picking those links um deemed our content worthy of inclusion actually like in platform somewhere so that's that's pretty cool yeah it's very exciting uh and in addition to that um we'll be U sending out invites and updates um for the next session um as it stands right now we're thinking about potentially covering um integrating with hashy court Vault uh in order to use it as an external Secret store um for doing Discovery and other various things so um hit us up if you have questions or thoughts around that or other um session uh topic ideas that you'd like to share with us so cool