Approval actions
What is an approval action?
An approval action specifies the entities and actions requiring approval, and their outcomes. They determine:
- when an approval process is triggered, such as deploying to a production environment or creating a new scope.
- what the outcome of that action is: approved, denied, or flagged for manual review.
- at what level in your organization this action applies.
Available entities and actions
Approval actions apply to the following entities and actions:
| Entity | Actions |
|---|---|
deployment | deployment:create |
scope | scope:create, scope:write, scope:delete, scope:stop |
service:action | service:action:create |
parameters | parameter:read-secrets |
Each entity is a resource type, while each action describes an operation performed on that entity. For example, deployment defines the entity and deployment:create refers to creating a deployment.
Create an approval action��
The first step to configure approvals is to create an approval action. For that, send a POST request to our Approval endpoint.
curl -L -X POST 'https://api.nullplatform.com/approval/action' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{
"nrn": "organization=1:account=2:namespace=3:application=4",
"entity": "deployment",
"action": "deployment:create",
"dimensions": {
"environment": "production"
},
"on_policy_success": "manual",
"on_policy_fail": "manual"
}
If you don’t include on_policy_success and on_policy_fail in your request, the approval will default to manual review.
What this approval action does
This action ensures that when a user attempts to create a deployment in a production environment at the organization level organization=1:account=2:namespace=3:application=4, the request requires manual approval. It must be reviewed and explicitly approved or denied before proceeding.
Example response
For a successful request, you'll get a response like this:
{
"id": 98765, // Save the action ID for the next steps
"nrn": "organization=1:account=2:namespace=3:application=4",
"entity": "deployment",
"action": "deployment:create",
"on_policy_success": "manual",
"on_policy_fail": "manual"
}
This ensures that requests to create deployments are evaluated and either approved or flagged for manual review based on policy results.
The id field contains the unique approval action ID. Be sure to save it, as you'll need it in the next steps.
Using policies to enhance approval actions
Approval actions work on their own to specify approvals for specific entities and actions.
However, you can link them to policies to add conditions that define when approval is needed. This allows you to enforce rules that align approvals with your organization’s requirements, such as time-based rules or conditions on the size of the resource being created.
What's next?
Now that you've creating your approval actions, explore the following: