Pipelines
Controls access to the Spinnaker pipelines API. Can be used to prevent a user from creating a pipeline.
Most usecases for this API call are better authored against the opa.pipelines package.
- Path: pipelines
- Method: Post
- Package:
spinnaker.http.authz
Example Payload
Click to expand
{
"input": {
"body": {
"application": "hostname",
"expectedArtifacts": [
{
"defaultArtifact": {
"artifactAccount": "myUserName",
"id": "4aa85178-0618-46c4-b530-6883d393656d",
"name": "manifests/deploy-spinnaker.yaml",
"reference": "Https://api.github.com/repos/myUserName/hostname/contents/manifests/deploy-spinnaker.yaml",
"type": "github/file",
"version": "master"
},
"displayName": "hostname-deploy",
"id": "0cf98032-1b0f-48db-9314-09c69293b3a6",
"matchArtifact": {
"artifactAccount": "myUserName",
"customKind": true,
"id": "3f72ed8e-cb95-454f-9119-2323682121ff",
"name": "manifests/deploy-spinnaker.yaml",
"type": "github/file"
},
"useDefaultArtifact": true,
"usePriorArtifact": false
},
{
"defaultArtifact": {
"artifactAccount": "myUserName",
"id": "e79162ab-69cb-4ff7-acf4-a8f2875ef8ef",
"name": "manifests/service-spinnaker.yaml",
"reference": "Https://api.github.com/repos/myUserName/hostname/contents/manifests/service-spinnaker.yaml",
"type": "github/file"
},
"displayName": "service-hostname",
"id": "425d20a8-2942-4902-8d2b-277769a1492c",
"matchArtifact": {
"artifactAccount": "myUserName",
"customKind": true,
"id": "d7ac7eca-0131-4d54-ab8f-880ff0041e4f",
"name": "manifests/service-spinnaker",
"type": "github/file"
},
"useDefaultArtifact": true,
"usePriorArtifact": false
}
],
"id": "7db1e350-dedb-4dc1-9976-e71f97b5f132",
"index": 0,
"keepWaitingPipelines": false,
"lastModifiedBy": "myUserName",
"limitConcurrent": true,
"name": "scale deployments",
"parameterConfig": [
{
"default": "",
"description": "",
"hasOptions": false,
"label": "",
"name": "replicas",
"options": [
{
"value": ""
}
],
"pinned": false,
"required": false
},
{
"default": "staging",
"description": "",
"hasOptions": false,
"label": "",
"name": "namespace",
"options": [
{
"value": ""
}
],
"pinned": false,
"required": true
}
],
"spelEvaluator": "v4",
"stages": [
{
"account": "spinnaker",
"cloudProvider": "kubernetes",
"manifestArtifactId": "0cf98032-1b0f-48db-9314-09c69293b3a6",
"moniker": {
"app": "hostname"
},
"name": "Deploy (Manifest) g",
"refId": "2",
"requisiteStageRefIds": [],
"skipExpressionEvaluation": false,
"source": "artifact",
"trafficManagement": {
"enabled": false,
"options": {
"enableTraffic": false,
"services": []
}
},
"type": "deployManifest"
},
{
"account": "spinnaker",
"cloudProvider": "kubernetes",
"manifestArtifactId": "425d20a8-2942-4902-8d2b-277769a1492c",
"moniker": {
"app": "hostname"
},
"name": "Deploy service (Manifest)",
"refId": "3",
"requisiteStageRefIds": [],
"skipExpressionEvaluation": false,
"source": "artifact",
"trafficManagement": {
"enabled": false,
"options": {
"enableTraffic": false,
"services": []
}
},
"type": "deployManifest"
},
{
"completeOtherBranchesThenFail": false,
"continuePipeline": true,
"failPipeline": false,
"instructions": "is the new service working?",
"judgmentInputs": [],
"name": "Manual Judgment",
"notifications": [],
"refId": "4",
"requisiteStageRefIds": [
"2",
"3"
],
"stageTimeoutMs": 60000,
"type": "manualJudgment"
},
{
"account": "spinnaker",
"app": "hostname",
"cloudProvider": "kubernetes",
"location": "staging",
"manifestName": "deployment hostname",
"mode": "static",
"name": "Scale (Manifest)",
"refId": "5",
"replicas": "10",
"requisiteStageRefIds": [
"4"
],
"type": "scaleManifest"
}
],
"triggers": [
{
"branch": "master",
"enabled": true,
"expectedArtifactIds": [
"0cf98032-1b0f-48db-9314-09c69293b3a6",
"425d20a8-2942-4902-8d2b-277769a1492c"
],
"project": "myUserName",
"secret": "spinnaker",
"slug": "hostname",
"source": "github",
"type": "git"
}
],
"updateTs": "1620677311000"
},
"method": "POST",
"path": [
"pipelines"
],
"user": {
"isAdmin": false,
"roles": [],
"username": "myUserName"
}
}
}
Example Policy
package spinnaker.http.authz
default message=""
allow=message==""
message="Only admins can save pipelines"{
input.path[0]!="pipelines"
input.method="POST"
input.user.isAdmin!=true
}
Keys
input
Key | Type | Description |
---|---|---|
input.method |
string |
Post |
input.path[] |
string |
["pipelines"] |
input.body
Key | Type | Description |
---|---|---|
input.body.application |
string |
The application for which a pipeline is being saved. |
input.body.expectedArtifacts[] |
array |
See artifacts for more information. |
input.body.id |
string |
The unique ID of the pipeline. |
input.body.index |
number |
|
input.body.keepWaitingPipelines |
boolean |
|
input.body.lastModifiedBy |
string |
The ID of the last user that modified the pipeline, should match the user in the input.users field. |
input.body.limitConcurrent |
boolean |
|
input.body.name |
string |
|
input.body.parameterConfig[].default |
string |
|
input.body.parameterConfig[].description |
string |
|
input.body.parameterConfig[].hasOptions |
boolean |
|
input.body.parameterConfig[].label |
string |
|
input.body.parameterConfig[].name |
string |
|
input.body.parameterConfig[].options[].value |
string |
|
input.body.parameterConfig[].pinned |
boolean |
|
input.body.parameterConfig[].required |
boolean |
|
input.body.spelEvaluator |
string |
|
input.body.updateTs |
string |
input.body.stages
These fields are all stage specific, and may or may not be present depending on the stage type.
Key | Type | Description |
---|---|---|
input.body.stages[].account |
string |
The account the stage deploys to. Applies to the following stage types: deployManifest , scaleManifest , deploy . |
input.body.stages[].app |
string |
The name of the application being deployed. Use input.body.application instead. Applies to the following stage types: deployManifest , scaleManifest . |
input.body.stages[].baseAmi |
string |
Only available for the bake stage.If Base AMI is specified, this is used instead of the Base OS provided. |
input.body.stages[].baseLabel |
string |
Only available for the bake stage.Possible values are release , candidate , previous , or unstable . |
input.body.stages[].baseOs |
string |
Only available for the bake stage.Defines what OS should be used to identify a Base AMI if none is specified. |
input.body.stages[].cloudProviderType |
string |
Only available for the bake stage.Defines what cloud provider type is being used. |
input.body.stages[].cloudProvider |
string |
Which specific cloud provider is being used. Applies to the following stage types: deployManifest , scaleManifest , and deploy . |
input.body.stages[].clusters[].account |
string |
Only available on the deploy stage.This is the cluster the stage will deploy to. |
input.body.stages[].clusters[].application |
string |
Only available on the deploy stage.This is the application being deployed. |
input.body.stages[].clusters[].availabilityZones.<Region>[] |
string |
Only available on the deploy stage.Specifies what availability zones to deploy to. |
input.body.stages[].clusters[].capacity.desired |
number |
Only available on the deploy stage.The desired number of instances in the autoscaling group. |
input.body.stages[].clusters[].capacity.max |
number |
Only available on the deploy stage.The maximum number of instances in the autoscaling group. |
input.body.stages[].clusters[].capacity.min |
number |
Only available on the deploy stage.The minimum number of instances in the autoscaling group. |
input.body.stages[].clusters[].cloudProvider |
string |
Only available on the deploy stage.Which cloud provider is being used. |
input.body.stages[].clusters[].cooldown |
number |
Only available on the deploy stage.A scaling cooldown helps you prevent your Auto Scaling group from launching or terminating additional instances before the effects of previous activities are visible. |
input.body.stages[].clusters[].copySourceCustomBlockDeviceMappings |
boolean |
Only available on the deploy stage.If true, Spinnaker will use the block device mappings of the existing server group when deploying a new server group. |
input.body.stages[].clusters[].delayBeforeDisableSec |
number |
Only available on the deploy stage. |
input.body.stages[].clusters[].delayBeforeScaleDownSec |
number |
Only available on the deploy stage. |
input.body.stages[].clusters[].ebsOptimized |
boolean |
Only available on the deploy stage.True if instances are optomized for EBS. |
input.body.stages[].clusters[].freeFormDetails |
string |
Only available on the deploy stage.A string of free-form alphanumeric characters and hyphens to describe any other variables in naming a cluster. |
input.body.stages[].clusters[].healthCheckGracePeriod |
number |
Only available on the deploy stage.When an instance launches, Amazon EC2 Auto Scaling uses the value of the healthCheckGracePeriod for the Auto Scaling group to determine how long to wait before checking the health status of the instance. |
input.body.stages[].clusters[].healthCheckType |
string |
Only available on the deploy stage.The value can be either ELB or EC2 . |
input.body.stages[].clusters[].iamRole |
string |
Only available on the deploy stage.What role is being used to run the instances. |
input.body.stages[].clusters[].instanceMonitoring |
boolean |
Only available on the deploy stage.Determines whether to enable detailed monitoring of instances. |
input.body.stages[].clusters[].instanceType |
string |
Only available on the deploy stage.The type of instances to deploy to. |
input.body.stages[].clusters[].keyPair |
string |
Only available on the deploy stage.The set of security credentials that can be used to connect to this instance. |
input.body.stages[].clusters[].maxRemainingAsgs |
number |
Only available on the deploy stage.How many auto scaling groups from prior deployments for this application should be left up and running once the new deployment is complete. |
input.body.stages[].clusters[].provider |
string |
Only available on the deploy stage.Defines the cloud provider. |
input.body.stages[].clusters[].rollback.onFailure |
boolean |
Only available on the deploy stage.True if the deploy should be automatically rolled back on failure. |
input.body.stages[].clusters[].scaleDown |
boolean |
Only available on the deploy stage. |
input.body.stages[].clusters[].spotPrice |
string |
Only available on the deploy stage. |
input.body.stages[].clusters[].stack |
string |
Only available on the deploy stage. |
input.body.stages[].clusters[].strategy |
string |
Only available on the deploy stage.The deployment strategy tells Spinnaker what to do with the previous version of the server group. |
input.body.stages[].clusters[].subnetType |
string |
Only available on the deploy stage.The subnet selection determines the VPC in which your server group will run. Options vary by account and region. |
input.body.stages[].clusters[].tags.Name |
string |
Only available on the deploy stage.Tags are propagated to the instances in this cluster. |
input.body.stages[].clusters[].targetHealthyDeployPercentage |
number |
Only available on the deploy stage. |
input.body.stages[].clusters[].terminationPolicies[] |
string |
Only available on the deploy stage.The name of the policy to determine how old instances are terminated. |
input.body.stages[].clusters[].useAmiBlockDeviceMappings |
boolean |
Only available on the deploy stage.If true, Spinnaker will use the block device mappings from the selected AMI when deploying a new server group. |
input.body.stages[].completeOtherBranchesThenFail |
boolean |
Prevents any stages that depend on this stage from running, but allows other branches of the pipeline to run. The pipeline is marked as failed once complete. Available for all stages. |
input.body.stages[].continuePipeline |
boolean |
Continues execution of downstream stages, marking this stage as failed/continuing. Available for all stages. |
input.body.stages[].failPipeline |
boolean |
Immediately halts execution of all running stages and fails the entire execution if this stage fails. Available for all stages. |
input.body.stages[].instructions |
string |
Only available on the manual judgement stage.Instructions are shown to the user when making a manual judgment. |
input.body.stages[].location |
string |
Only available on the scale manifest stage.The namespace to scale the manifest in. |
input.body.stages[].manifestArtifactId |
string |
Only available on the deploy manifest stage.The artifact ID to deploy. |
input.body.stages[].manifestName |
string |
Only available on the scale manifest stage.The name of the manifest to scale. |
input.body.stages[].mode |
string |
Only available on the scale manifest stage.Determines whether the stage uses a static or a dynamic selector. |
input.body.stages[].moniker.app |
string |
The application being deployed. |
input.body.stages[].name |
string |
The name of the stage. |
input.body.stages[].refId |
string |
The unique ID for the stage in the stage graph. |
input.body.stages[].region |
string |
The region in which to bake, only available on the bake stage. |
input.body.stages[].regions[] |
string |
The regions in which to bake, only available on the bake stage. |
input.body.stages[].replicas |
string |
|
input.body.stages[].requisiteStageRefIds[] |
string |
The unique IDs of other stages that must complete before this stage. |
input.body.stages[].skipExpressionEvaluation |
boolean |
If true then SpEL is not evaluated in artifacts referenced by the stage. |
input.body.stages[].source |
string |
Only applicable to the deploy manifest stage.Specifies whether the manifest should be read from an artifact, or provided as text in the pipeline definition. |
input.body.stages[].stageTimeoutMs |
number |
Only applicable to the manual judgement stage.Specifies how long the user has to provide a judgement. |
input.body.stages[].storeType |
string |
Only applicable in the bake stage. |
input.body.stages[].trafficManagement.enabled |
boolean |
Only applicable to the deploy manifest stage.Allow Spinnaker to associate each ReplicaSet deployed in this stage with one or more Services, and manage traffic based on your selected rollout strategy options. |
input.body.stages[].trafficManagement.options.enableTraffic |
boolean |
Only applicable to the deploy manifest stage.Sends client requests to new pods when traffic management is enabled. |
input.body.stages[].type |
string |
The type of the stage. |
input.body.stages[].user |
string |
Only applicable in the bake stage. |
input.body.stages[].vmType |
string |
Only applicable in the bake stage. |
input.body.triggers
Key | Type | Description |
---|---|---|
input.body.triggers[].branch |
string |
Which branch of the git repository triggers this pipeline. |
input.body.triggers[].enabled |
boolean |
True if the trigger is enabled. |
input.body.triggers[].expectedArtifactIds[] |
string |
|
input.body.triggers[].project |
string |
A change in what project will trigger this pipeline. |
input.body.triggers[].secret |
string |
The secret that the trigger uses to authenticate with Spinnaker. |
input.body.triggers[].slug |
string |
The trigger’s slug. For example, with a GitHub trigger this is the project name. |
input.body.triggers[].source |
string |
The type of the source for the trigger. For some trigger types this can be used to disambiguate amongst multiple trigger invokers. |
input.body.triggers[].type |
string |
The configured type of the trigger. |
input.user
This object provides information about the user performing the action. This can be used to restrict actions by role. See input.user for more information.
Feedback
Was this page helpful?
Thank you for letting us know!
Sorry to hear that. Please tell us how we can improve.
Last modified July 28, 2021: (f3a804d)