Require approval for deployments to protected Puppet environments

If your organization's business processes require manual review and approval before Puppet code is deployed to certain environments, set up an approval group of individuals with the authority to provide the needed review and sign-off. These approvers are contacted each time a deployment to a protected environment is proposed.

Before you begin
Make sure SMTP has been configured for your Continuous Delivery for PE installation. For instructions, see Configure SMTP.

Enabling a manual approval checkpoint on deployments to protected Puppet environments is a two-step process. First, designate the Continuous Delivery for PE users with the authority to approve or reject deployment requests. Next, designate the Puppet environments that require manual deployment approval.

Important: Designating approvers requires super user permissions.
  1. Create an approval group. The members of this group review all proposed deployments to the environments you designate as protected and manually approve or decline each deployment.
    1. In the Continuous Delivery for PE web UI, click Settings.
    2. In the Groups tab, click + Create new group.
    3. Enter a name (such as Approval) and description for your new group, then click Save.
    4. In each permissions category, select the permissions you wish to assign to the approval group and click Save and add users.
      Important: At a minimum, the approval group must have the List permission for Control repos in order to view and approve or deny deployments.
    5. On the Add users page, add the individuals with the authority to approve or deny deployments to protected environments.
      • Search for users by username or email address.

  2. Designate which Puppet environments require deployment approval.
    1. Click the Puppet Enterprise tab.
    2. Click the number (likely "0") in the Protected environments column for your PE instance.
    3. Select the Puppet environment that requires deployment approval.
    4. Select the approval group you created in step 1.
    5. Click Add.
    6. If necessary, repeat these steps to designate additional environments as protected, then click Done.
Results

Now that this set-up process is complete, each time a deployment to the protected environment is triggered, either manually or through a pipeline run, the members of the approval group receive an email and a message in the message center alerting them that approval of the deployment is required.

A member of the approval group must review the deployment's details page and click Provide approval decision. After they approve or decline the deployment, a record of their decision is added to the deployment's details page.