If your organization's business processes require manual review and approval before Puppet code is deployed to certain environments, set up an approval group of individuals with the authority to provide the needed review and sign-off. These approvers are contacted each time a deployment to a protected environment is proposed.
Before you begin
Enabling a manual approval checkpoint on deployments to protected Puppet environments is a two-step process. First, designate the Continuous Delivery for PE users with the authority to approve or reject deployment requests. Next, designate the Puppet environments that require manual deployment approval.
Create an approval group. The members of this group review all proposed
deployments to the environments you designate as protected and manually approve
or decline each deployment.
- In the Continuous Delivery for PE web UI, click Settings.
- In the Groups tab, click + Create Group.
- Enter a name (such as Approval) and description for your new group, then click Create Group.
- Click Go to Groups and click View Group Details for the group you just created.
In each permissions category, click + Set
Permissions. Select the permissions you wish to assign
to the approval group and click the blue Set
Important: At a minimum, the approval group must have the List permission for Control Repos in order to view and approve or deny deployments.
In Group Members column, add the individuals
with the authority to approve or deny deployments to protected
To add a new member to the group, click + Add Member, and search for the user you wish to add by username or email address. When you locate the user you wish to add, click Add User.
To remove an existing member from the group, click Remove Group Member and confirm your action.
Designate which Puppet environments require
- Click the Puppet Enterprise tab.
- Click the number (likely "0") in the Protected Environments column for your PE instance.
- Select the Puppet environment that requires deployment approval.
- Select the approval group you created in step 1.
- Click Add.
- If necessary, repeat these steps to designate additional environments as protected, then click Done.
Now that this set-up process is complete, each time a deployment to the protected environment is triggered, either manually or through a pipeline run, the members of the approval group receive an email and a message in the message center alerting them that approval of the deployment is required.
A member of the approval group must review the deployment's details page and click Provide Approval Decision. After they approve or decline the deployment, a record of their decision is added to the deployment's details page.