spinnaker.execution.pipelines.before

Policy that is evaluated when a pipeline starts executing, but before any stages attempt to run.

Example Payload

Click to expand
{
  "input": {
    "pipeline": {
      "application": "hostname",
      "disabled": false,
      "executionId": "01F5EF8JCVYM85FACGYSTF6S5G",
      "expectedArtifacts": [
        {
          "defaultArtifact": {
            "artifactAccount": "myUsername",
            "customKind": false,
            "metadata": {
              "id": "4aa85178-0618-46c4-b530-6883d393656d"
            },
            "name": "manifests/deploy-spinnaker.yaml",
            "reference": "Https://api.github.com/repos/myUsername/hostname/contents/manifests/deploy-spinnaker.yaml",
            "type": "github/file",
            "version": "master"
          },
          "id": "0cf98032-1b0f-48db-9314-09c69293b3a6",
          "matchArtifact": {
            "artifactAccount": "myUsername",
            "customKind": true,
            "metadata": {
              "id": "3f72ed8e-cb95-454f-9119-2323682121ff"
            },
            "name": "manifests/deploy-spinnaker.yaml",
            "type": "github/file"
          },
          "useDefaultArtifact": true,
          "usePriorArtifact": false
        },
        {
          "defaultArtifact": {
            "artifactAccount": "myUsername",
            "customKind": false,
            "metadata": {
              "id": "e79162ab-69cb-4ff7-acf4-a8f2875ef8ef"
            },
            "name": "manifests/service-spinnaker.yaml",
            "reference": "Https://api.github.com/repos/myUsername/hostname/contents/manifests/service-spinnaker.yaml",
            "type": "github/file"
          },
          "id": "425d20a8-2942-4902-8d2b-277769a1492c",
          "matchArtifact": {
            "artifactAccount": "myUsername",
            "customKind": true,
            "metadata": {
              "id": "d7ac7eca-0131-4d54-ab8f-880ff0041e4f"
            },
            "name": "manifests/service-spinnaker",
            "type": "github/file"
          },
          "useDefaultArtifact": true,
          "usePriorArtifact": true
        }
      ],
      "id": "0cdf6df8-ceb1-490e-a7c9-de80e49b0866",
      "keepWaitingPipelines": false,
      "limitConcurrent": true,
      "name": "hostname w evaluate artifacts",
      "notifications": [],
      "parallel": false,
      "parameterConfig": [
        {
          "default": "",
          "description": "",
          "hasOptions": false,
          "label": "",
          "name": "moduleConfig",
          "options": [
            {
              "value": ""
            }
          ],
          "pinned": false,
          "required": false
        }
      ],
      "plan": false,
      "receivedArtifacts": [],
      "respectQuietPeriod": false,
      "spelEvaluator": "v4",
      "stages": [
        {
          "account": "spinnaker",
          "cloudProvider": "kubernetes",
          "manifestArtifactId": "65d24828-f858-4e6f-a2c8-82c2cdd79251",
          "moniker": {
            "app": "hostname"
          },
          "name": "Deploy (Manifest)",
          "refId": "2",
          "requisiteStageRefIds": [
            "7"
          ],
          "skipExpressionEvaluation": false,
          "source": "artifact",
          "trafficManagement": {
            "enabled": false,
            "options": {
              "enableTraffic": false,
              "services": []
            }
          },
          "type": "deployManifest"
        },
        {
          "artifactContents": [
            {
              "contents": "---\napiVersion: v1\nkind: Namespace\nmetadata:\n  name: '${#readJson(parameters['moduleConfig'])['ns']}'\nspec:\n  finalizers:\n  - kubernetes\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: hostname\n  namespace: '${#readJson(parameters['moduleConfig'])['ns']}'\nspec:\n  replicas: '${#readJson(parameters['moduleConfig'])['replicas']}'\n  selector:\n    matchLabels:\n      app: hostname\n      version: v1\n  strategy:\n    rollingUpdate:\n      maxSurge: 1\n      maxUnavailable: 1\n    type: RollingUpdate\n  template:\n    metadata:\n      labels:\n        app: hostname\n        version: v1\n    spec:\n      containers:\n      - image: rstarmer/hostname:v1\n        imagePullPolicy: Always\n        name: hostname\n        resources: {}\n      restartPolicy: Always",
              "id": "65d24828-f858-4e6f-a2c8-82c2cdd79251",
              "name": "test"
            }
          ],
          "expectedArtifacts": [
            {
              "defaultArtifact": {
                "customKind": true,
                "id": "b9076063-d4ff-4ec5-81f6-599a1bb78bf3"
              },
              "displayName": "test",
              "id": "65d24828-f858-4e6f-a2c8-82c2cdd79251",
              "matchArtifact": {
                "artifactAccount": "embedded-artifact",
                "customKind": true,
                "id": "06e6f217-900e-4546-8370-8404255715c9",
                "name": "test",
                "type": "embedded/base64"
              },
              "useDefaultArtifact": false,
              "usePriorArtifact": false
            }
          ],
          "name": "Evaluate Artifacts5",
          "refId": "7",
          "requisiteStageRefIds": [],
          "type": "evaluateArtifacts"
        }
      ],
      "trigger": {
        "artifacts": [
          {
            "artifactAccount": "myUsername",
            "customKind": false,
            "metadata": {
              "id": "4aa85178-0618-46c4-b530-6883d393656d"
            },
            "name": "manifests/deploy-spinnaker.yaml",
            "reference": "Https://api.github.com/repos/myUsername/hostname/contents/manifests/deploy-spinnaker.yaml",
            "type": "github/file",
            "version": "master"
          },
          {
            "artifactAccount": "myUsername",
            "customKind": false,
            "metadata": {
              "id": "e79162ab-69cb-4ff7-acf4-a8f2875ef8ef"
            },
            "name": "manifests/service-spinnaker.yaml",
            "reference": "Https://api.github.com/repos/myUsername/hostname/contents/manifests/service-spinnaker.yaml",
            "type": "github/file"
          }
        ],
        "dryRun": false,
        "enabled": false,
        "eventId": "0442458c-eeed-41a6-83f4-dbf0110076e1",
        "executionId": "01F5EF8JCVYM85FACGYSTF6S5G",
        "expectedArtifacts": [
          {
            "boundArtifact": {
              "artifactAccount": "myUsername",
              "customKind": false,
              "metadata": {
                "id": "4aa85178-0618-46c4-b530-6883d393656d"
              },
              "name": "manifests/deploy-spinnaker.yaml",
              "reference": "Https://api.github.com/repos/myUsername/hostname/contents/manifests/deploy-spinnaker.yaml",
              "type": "github/file",
              "version": "master"
            },
            "defaultArtifact": {
              "artifactAccount": "myUsername",
              "customKind": false,
              "metadata": {
                "id": "4aa85178-0618-46c4-b530-6883d393656d"
              },
              "name": "manifests/deploy-spinnaker.yaml",
              "reference": "Https://api.github.com/repos/myUsername/hostname/contents/manifests/deploy-spinnaker.yaml",
              "type": "github/file",
              "version": "master"
            },
            "id": "0cf98032-1b0f-48db-9314-09c69293b3a6",
            "matchArtifact": {
              "artifactAccount": "myUsername",
              "customKind": true,
              "metadata": {
                "id": "3f72ed8e-cb95-454f-9119-2323682121ff"
              },
              "name": "manifests/deploy-spinnaker.yaml",
              "type": "github/file"
            },
            "useDefaultArtifact": true,
            "usePriorArtifact": false
          },
          {
            "boundArtifact": {
              "artifactAccount": "myUsername",
              "customKind": false,
              "metadata": {
                "id": "e79162ab-69cb-4ff7-acf4-a8f2875ef8ef"
              },
              "name": "manifests/service-spinnaker.yaml",
              "reference": "Https://api.github.com/repos/myUsername/hostname/contents/manifests/service-spinnaker.yaml",
              "type": "github/file"
            },
            "defaultArtifact": {
              "artifactAccount": "myUsername",
              "customKind": false,
              "metadata": {
                "id": "e79162ab-69cb-4ff7-acf4-a8f2875ef8ef"
              },
              "name": "manifests/service-spinnaker.yaml",
              "reference": "Https://api.github.com/repos/myUsername/hostname/contents/manifests/service-spinnaker.yaml",
              "type": "github/file"
            },
            "id": "425d20a8-2942-4902-8d2b-277769a1492c",
            "matchArtifact": {
              "artifactAccount": "myUsername",
              "customKind": true,
              "metadata": {
                "id": "d7ac7eca-0131-4d54-ab8f-880ff0041e4f"
              },
              "name": "manifests/service-spinnaker",
              "type": "github/file"
            },
            "useDefaultArtifact": true,
            "usePriorArtifact": true
          }
        ],
        "parameters": {
          "moduleConfig": "{\"name\":\"test-deployment\",\"space\":\"test-space-param\"}"
        },
        "preferred": false,
        "rebake": false,
        "resolvedExpectedArtifacts": [
          {
            "boundArtifact": {
              "artifactAccount": "myUsername",
              "customKind": false,
              "metadata": {
                "id": "4aa85178-0618-46c4-b530-6883d393656d"
              },
              "name": "manifests/deploy-spinnaker.yaml",
              "reference": "Https://api.github.com/repos/myUsername/hostname/contents/manifests/deploy-spinnaker.yaml",
              "type": "github/file",
              "version": "master"
            },
            "defaultArtifact": {
              "artifactAccount": "myUsername",
              "customKind": false,
              "metadata": {
                "id": "4aa85178-0618-46c4-b530-6883d393656d"
              },
              "name": "manifests/deploy-spinnaker.yaml",
              "reference": "Https://api.github.com/repos/myUsername/hostname/contents/manifests/deploy-spinnaker.yaml",
              "type": "github/file",
              "version": "master"
            },
            "id": "0cf98032-1b0f-48db-9314-09c69293b3a6",
            "matchArtifact": {
              "artifactAccount": "myUsername",
              "customKind": true,
              "metadata": {
                "id": "3f72ed8e-cb95-454f-9119-2323682121ff"
              },
              "name": "manifests/deploy-spinnaker.yaml",
              "type": "github/file"
            },
            "useDefaultArtifact": true,
            "usePriorArtifact": false
          },
          {
            "boundArtifact": {
              "artifactAccount": "myUsername",
              "customKind": false,
              "metadata": {
                "id": "e79162ab-69cb-4ff7-acf4-a8f2875ef8ef"
              },
              "name": "manifests/service-spinnaker.yaml",
              "reference": "Https://api.github.com/repos/myUsername/hostname/contents/manifests/service-spinnaker.yaml",
              "type": "github/file"
            },
            "defaultArtifact": {
              "artifactAccount": "myUsername",
              "customKind": false,
              "metadata": {
                "id": "e79162ab-69cb-4ff7-acf4-a8f2875ef8ef"
              },
              "name": "manifests/service-spinnaker.yaml",
              "reference": "Https://api.github.com/repos/myUsername/hostname/contents/manifests/service-spinnaker.yaml",
              "type": "github/file"
            },
            "id": "425d20a8-2942-4902-8d2b-277769a1492c",
            "matchArtifact": {
              "artifactAccount": "myUsername",
              "customKind": true,
              "metadata": {
                "id": "d7ac7eca-0131-4d54-ab8f-880ff0041e4f"
              },
              "name": "manifests/service-spinnaker",
              "type": "github/file"
            },
            "useDefaultArtifact": true,
            "usePriorArtifact": true
          }
        ],
        "type": "manual",
        "user": "myUserName"
      },
      "triggers": [
        {
          "branch": "master",
          "dryRun": false,
          "enabled": true,
          "expectedArtifactIds": [
            "0cf98032-1b0f-48db-9314-09c69293b3a6",
            "425d20a8-2942-4902-8d2b-277769a1492c"
          ],
          "id": "873854a4-d068-3734-8e52-8c224bf127f2",
          "preferred": false,
          "project": "myUsername",
          "rebake": false,
          "secret": "spinnaker",
          "slug": "hostname",
          "source": "github",
          "type": "git"
        }
      ]
    },
    "user": {
      "isAdmin": false,
      "roles": [],
      "username": "myUserName"
    }
  }
}

Example Policy

package spinnaker.execution.pipelines.before

deny["Kubernetes deployments can only be triggered by webhooks, docker, or manually."] { 
  stage := input.pipeline.stages[_]
  trigger := input.pipeline.trigger

  stage.type == "deployManifest"
  trigger.type != "docker"
  trigger.type != "webhook"
  trigger.type != "manual"
}

Keys

input.pipeline

KeyTypeDescription
input.pipeline.applicationstringThe name of the Spinnaker application to which this pipeline belongs.
input.pipeline.disabledbooleanTrue if execution of this pipeline is disabled.
input.pipeline.executionIdstringThe unique ID of the execution
input.pipeline.expectedArtifacts[]{object}See artifacts for more information.
input.pipeline.idstringThe unique ID of the pipeline.
input.pipeline.keepWaitingPipelinesbooleanIf false and concurrent pipeline execution is disabled, then the pipelines in the waiting queue get canceled when the next execution starts.
input.pipeline.limitConcurrentbooleanDisable concurrent pipeline executions (only run one at a time).
input.pipeline.namestringThe name of the pipeline.
input.pipeline.parallelboolean
input.pipeline.parameterConfig[].defaultstringThe default value associated with this parameter.
input.pipeline.parameterConfig[].descriptionstringif supplied, is displayed to users as a tooltip when triggering the pipeline manually. You can include HTML in this field.
input.pipeline.parameterConfig[].hasOptionsbooleanTrue if the Show Options checkbox in the parameter is checked.
input.pipeline.parameterConfig[].labelstringA label to display when users are triggering the pipeline manually.
input.pipeline.parameterConfig[].namestringThe name of the parameter.
input.pipeline.parameterConfig[].options[].valuestringWhat values exist in a picklist for the user to choose from for the parameter.
input.pipeline.parameterConfig[].pinnedbooleanIf checked, this parameter is always shown in a pipeline execution view, otherwise it’s collapsed by default.
input.pipeline.parameterConfig[].requiredbooleanIf true, the user must provide a value for this parameter when executing the pipeline.
input.pipeline.planboolean
input.pipeline.respectQuietPeriodboolean
input.pipeline.spelEvaluatorstringWhich version of SpEL should SpEL expressions be evaluated with.
input.pipeline.stages[][array]An array of the stages in the pipeline. Typically if you are writing a policy that examines multiple pipeline stages, it is better to write that policy against either the opa.pipelines package, or the spinnaker.execution.pipelines.before package.

input.pipeline.trigger

See input.pipeline.trigger for more information.

input.user

This object provides information about the user performing the action. This can be used to restrict actions by role. See input.user for more information.


Last modified August 18, 2023: (02b163b7)