Chapter 32. Approval and Quota

We discovered in Chapters 18 and 19 that the virtual machine provisioning process includes an approval stage—to allow administrators to optionally approve large VM requests—and a quota-checking stage that enforces quotas applied to access-control groups or tenants. We also learned that these workflows were triggered from MiqProvisionRequest_created and MiqProvisionRequest_starting policy instances. When we create a virtual machine from a service catalog item, however, our request object is different, so we cannot rely on the existing approval and quota workflow triggers.

This chapter examines the approval and quota workflows for when we provision a virtual machine from a service catalog.

Triggering Events

When we order a new virtual machine from a service catalog, our request still needs to be approved and matched against our current tenant or group quota. As with virtual machine provisioning, each of the corresponding service provision workflows is triggered by the request_created and request_approved events, but the request object type is different. It is now a service_template_provision_request.


The approval process for a service provision request starts with the /System/Policy/ServiceTemplateProvisionRequest_created instance being run as a result of a request_created event. This instance contains two relationships, rel5 and rel6.

The rel5 relationship performs a service provisioning profile lookup to read the value of the auto_approval_state_machine ...

Get Mastering CloudForms Automation now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.