Approvals

Updated 6 days ago by Michael Katz

Your Workflows and Pipelines can include Approval steps, which require deployments to receive approval before they can proceed. This topic covers:

Intended Audience

  • DevOps

Jira-based Approvals

For details on Jira integration with Harness, see Jira Integration.

You can add approval steps in both Workflows and Pipelines, and use Jira issue workflow statuses for approval and rejection criteria.

Here is an example of the Workflow statuses for a Jira issue:

Here is a Workflow Jira approval step using the same Jira statuses for criteria:

You can add a Jira approval step in a Pipeline. Here is a Pipeline containing two Workflows and a Jira Approval step.

The first Workflow includes a Jira step that creates a new Jira issue, as described in Jira Integration:

The Variable Name is Jiravar and the Scope is Pipeline. This will enable the output variable to be used in any stage of the Pipeline. The output variable uses the issueId property and so the resulting variable reference is ${Jiravar.issueId}. You can reference the Jira issue anywhere in the Pipeline using ${Jiravar.issueId}.

Next, let's add a Pipeline Approval step that uses ${Jiravar.issueId}.

In a Pipeline, click the Insert a Stage (+) button to add the Approval step:

The new stage dialog appears. Click Approval Step to see the approval settings.

The Approval Step has the following fields:

  • Ticketing System - For Jira, select Jira.
  • Jira Connector - Select the Jira account you want to use by selecting the Collaboration Provider you added for the account, as described in Add Jira as a Collaboration Provider.
  • Project - Select the Jira project containing the Jira issue you will use for approval.
  • Key/Issue ID - Enter the output variable for a Jira issue created in a Workflow, such as ${Jiravar.issueId}. Although we are demonstrating approval using the ${Jiravar.issueId} variable, you can also simply enter the Jira Key/Issue ID for any Jira issue in the Jira project.
  • Timeout - Enter how long Harness should wait for the approval or rejection before failing the deployment.
  • Approved Status Criteria - The Field Name, Operator, and Value drop-down menus are populated from the Jira project you selected. Define the approval criteria using the Jira status items.
  • Rejected Status Criteria - Define the rejection criteria using the Jira status items.

When you finished, the approval step will look something like this:

When you deploy the Pipeline, the Approval Stage will display a link to the Jira issue selected for the approval:

Click the link in the Approval step to see the Jira issue in Jira's UI.

Select the Approval Criteria. In this example, the status Approved fulfills the Approval Criteria.

Once the Jira issue is approved, the Approval stage is green in Deployments, and the deployment continues:

ServiceNow-based Approvals

For details on ServiceNow integration with Harness, see ServiceNow Integration.

You can add approval steps in Pipelines (and Workflows) that use ServiceNow ticket statuses for approval and rejection criteria.

Here is a Pipeline containing two Workflows with a ServiceNow Approval step in between them.

We will walk through how the ServiceNow ticket is created in the first Workflow, and then how a ServiceNow approval is used in Stage 2.

The first Workflow includes a ServiceNow step that creates a new ServiceNow issue, as described in ServiceNow Integration:

The Variable Name is snow and the Scope is Pipeline. This will enable the output variable to be used in any stage of the Pipeline. The output variable uses the issueId property and so the resulting variable reference is ${snow.issueId}. You can reference the ServiceNow issue anywhere in the Pipeline using ${snow.issueId}.

Next, let's add a Pipeline Approval step that uses ${snow.issueId}.

In a Pipeline, click the Insert a Stage (+) button to add the Approval step:

The new stage dialog appears. Click Approval Step to see the approval settings.

The Approval Step has the following fields:

  • Ticketing System - For ServiceNow, select ServiceNow.
  • ServiceNow Connector - Select the ServiceNow account you want to use by selecting the Collaboration Provider you added for the account, as described in Add ServiceNow as a Collaboration Provider. Use the same provider you used to create the ticket in the Workflow.
  • Ticket Type - Select the ServiceNow ticket type. Use the same type as the ticket you created in the Workflow.
  • Issue Number - Enter the output variable for a ServiceNow issue created in a Workflow, such as ${snow.issueId}. Although we are demonstrating approval using the ${snow.issueId} variable, you can also simply enter the ServiceNow ticket number for any ServiceNow ticket in the account.
  • Timeout - Enter how long Harness should wait for the approval or rejection before failing the deployment.
  • Approved Criteria - The Field NameOperator, and Value drop-down menus are populated from the ServiceNow account you selected. Define the approval criteria using the ServiceNow status items.
  • Rejected/Closed Criteria - Define the rejection criteria using the ServiceNow status items.

When you finished, the approval step will look something like this:

When you deploy the Pipeline, the Approval Stage will display a link to the ServiceNow ticket selected for the approval:

Click the link in the Approval step to see the ServiceNow ticket in ServiceNow.

In ServiceNow, select the Approval criteria you defined. In this example, the status Resolved is the approval criteria.

Once the ServiceNow issue is approved, the Approval stage is green in Deployments, and the deployment continues:

You now have a ServiceNow-based approval in your Pipeline that ensures nothing is deployed without your approval.

Harness UI–based Approvals

You can add approval steps in Pipelines (and Workflows) that rely on the Harness UI's User Groups notifications for approval or rejection.

As with other approval mechanisms: In a Pipeline, click the Insert a Stage (+) button to add the Approval step:

The new stage dialog appears. Click Approval Step to see the approval settings.

The Approval Step has the following fields:

  • Ticketing System - For Harness User Group notifications, select Harness UI.
  • User Groups - Select one or more Harness User Groups to notify for approval requests. (Each selected User Group must have Application: read permission for this Application.)
  • Timeout (hours) - Enter how long Harness should wait for the approval before stopping the Pipeline's deployment.
  • Execute in parallel with previous Step - You might want to execute steps in parallel if they are deploying to different hosts, or their success is independent of each other.
  • Disable step - Select this check box if you want to retain this step in the Pipeline's logic, but suspend the approval requirement.

When you finished, the approval step will look something like this:

When you deploy the Pipeline, the Approval Stage will notify the selected User Group(s), via their configured notification settings, to approve or reject the deployment:

Once an authorized user provides approval, the Approval stage is green in Deployments, and the deployment continues:

You now have a Harness UI–based approval in your Pipeline that ensures nothing is deployed without an authorized user's approval.

Shell Script–based Approvals

You can add approval stages in Pipelines—and approval steps in Workflows—that rely on custom shell scripts. Your scripts can test for conditions that you define, and then approve or reject the deployment's progress accordingly.

Pipeline Shell Script–based Approvals

As with other Pipeline approval mechanisms: Click the Insert a Stage (+) button to add the Approval step:

The new stage dialog appears. Click Approval Step to see the approval settings.

The Approval Step has the following fields:

  • Ticketing System - Select Custom Shell Script.
  • Script - Type into this field to replace the placeholder comments with your script. See Sample Script (Pipeline) below for guidelines.
  • Retry Interval (sec) - Enter how long Harness should wait between attempts to successfully execute the script.
  • Timeout (min) - Enter how long Harness should wait for the approval before stopping the Pipeline's deployment.
  • Execute in parallel with previous Step - You might want to execute steps in parallel if they are deploying to different hosts, or their success is independent of each other.
  • Disable step - Select this check box if you want to retain this step in the Pipeline's logic, but suspend the approval requirement.

When you finished, the approval step will look something like this:

Sample Script (Pipeline)

Here is an example of an approval script. From the placeholder comments, note that:

  • Your script must ultimately export the environment variable HARNESS_APPROVAL_STATUS—yielding a ${HARNESS_APPROVAL_STATUS} value of APPROVED or REJECTED.
  • Harness initializes this environment variable for you. Your script is not responsible for initialization, only export.
  • Your script should be idempotent.
  • Your script should follow bash conventions.
curl "http://www.example.com/" > temp.txt
echo $?
if [ "$?" -eq "0" ]
then
export result=APPROVED;
echo $result;
else
echo "no response available. Will try in next iteration";
fi

export HARNESS_APPROVAL_STATUS=$result;

When you deploy the Pipeline, the Approval Stage will attempt to execute your script:

Once the script executes successfully and exports a ${HARNESS_APPROVAL_STATUS} value of APPROVED, the Approval stage is green in Deployments, and the deployment continues:

You now have a script-based approval in your Pipeline that ensures that nothing is deployed without meeting the script's conditions.

Workflow Shell Script–based Approvals

You can add approval steps in Workflows that rely on custom shell scripts. Your scripts can test for conditions that you define, and then approve or reject the deployment's progress accordingly.

As for all approval mechanisms, click Add Step in your Workflow to insert the Approval step:

From the resulting Add Command dialog, select Approval:

This opens the Approval dialog with default settings:

This dialog displays different fields, depending on your selection in the Ticketing System drop-down. For this example, set Ticketing System to Custom Shell Script:

This form of the dialog displays the following fields:

  • Ticketing System – Here, we've selected Custom Shell Script.
  • Script – Type into this field to replace the placeholder comments with your script. See Sample Script (Workflow) below for guidelines.
  • Retry Interval (sec) – Enter how long Harness should wait between attempts to successfully execute the script.
  • Timeout (min) – Enter how long Harness should wait for the approval before stopping the Pipeline's deployment.

Using the sample script below, your completed dialog would look something like this before you click SUBMIT:

Sample Script (Workflow)

Here is an example of an approval script. From the placeholder comments, note that:

  • Your script must ultimately export the environment variable HARNESS_APPROVAL_STATUS—yielding a ${HARNESS_APPROVAL_STATUS} value of APPROVED or REJECTED.
  • Harness initializes this environment variable for you. Your script is not responsible for initialization, only export.
  • Your script should be idempotent.
  • Your script should follow bash conventions.
curl "http://www.example.com/" > temp.txt
echo $?
if [ "$?" -eq "0" ]
then
export result=APPROVED;
echo $result;
else
echo "no response available. Will try in next iteration";
fi

export HARNESS_APPROVAL_STATUS=$result;

When you deploy the Workflow, the Approval step will attempt to execute your script:

Once the script executes successfully and exports a ${HARNESS_APPROVAL_STATUS} value of APPROVED, the Approval step is green in Deployments, and the deployment continues:

Once deployment is complete, the Details panel will display a log of the script's execution:

You now have a script-based approval in your Workflow that ensures that nothing is deployed without meeting the script's conditions.


How did we do?