Managing Enterprise Automation with Red Hat Ansible Automation Platform
Create an approval node in a workflow job template that uses notifications to request permission from an administrator for the job to continue, and approve or reject those requests.
For various reasons, you might want to require that a particular person or group explicitly approve or reject execution of a workflow job template.
You can add approval nodes to a workflow job template that pause the workflow until a user with an appropriate role manually approves or rejects further execution of the workflow. You can also set a time limit on the approval node, so that further execution is automatically rejected if execution is not approved before the limit expires. It is possible to add several approval nodes inside a workflow, on various branches of a workflow, and at the start of a workflow.
Some reasons to use approval nodes within your workflow job templates include:
Enabling users to launch workflow jobs, but requiring that someone else approve it before it runs.
Pausing the workflow if a job template fails, so that you can investigate the problem, and before the workflow attempts to recover or clean up the affected systems.
Pausing a workflow that is succeeding, so that you can complete testing external to the workflow before approving its final steps.
You can create an approval node through the workflow visualizer in the automation controller UI. To create an approval node, you need to be logged in as a user with sufficient permissions:
A user with the
Adminrole on the workflow job templateA user with the
Workflow Adminrole for the organizationA user with the
System Administratoruser type
There are several different ways to add approval nodes to a workflow:
You can click the link between two nodes and then click the plus (
+) icon to create an approval node between those two nodes.You can click a node and then click the plus (
+) icon to create an approval node that follows that node.You can edit an existing node to convert it into an approval node.
Whichever method you use, select in the field when you create the new node or edit the existing node.
For example, if you need approval before running a job template then click directly on the line. A pop-up window opens that displays the message .
If you want to replace an existing node with an approval node, click the pencil icon on the job template.
To view workflow approval requests, you need to have the Admin, Execute, Read, or Approve role on the workflow job template, or the System Administrator or System Auditor user type.
The icon at the top of the page displays the number of workflows that require your approval. This number indicates how many workflow approval requests are pending.
Click the icon to see pending workflow approval requests, or navigate to → to see all workflow approval requests. Click the name of the pending workflow approval request that you want to approve or deny.
To actually approve or deny a workflow approval request, you must have either the Admin or the Approve role on the workflow job template. As always, a user with the System Administrator user type can perform any action. If you do not have sufficient access, then the and buttons are unavailable.
Often, you want workflow approval requests to be approved or denied within a certain period of time. You can set a time-out that automatically denies a request if it has not been approved within a certain time limit.
You can set a time-out from the page. Click the down arrow of the drop-down list and select . There are two fields in the section, for minutes and seconds. This specifies the length of time before the approval request expires and is automatically denied.
If you leave both fields blank, then no time-out is set. The workflow approval request never expires, and the workflow job waits indefinitely for manual approval or denial.
When you review pending workflow approval requests in automation controller, you can see their expiration times in the column.
If someone does not approve the pending workflow approval request within the specified time limit, it is automatically denied and the next nodes that have an Always or On Failure configuration run.
If the pending workflow approval request is approved, then the next nodes that have an Always or On Success configuration run.
It is a good idea to use notifications in your workflow job template to alert the people who address workflow approval requests that a new request needs review. Notifications also alert the users about whether a workflow approval has been approved, denied, or timed out.
To configure your workflow job template to send workflow approval notifications, first make sure that you have configured an appropriate notification. IRC, Slack, email, or webhooks that you integrate with other chat or notification applications might be appropriate. You can customize the message that the notification sends if necessary.
Navigate to and select the name of your workflow job template. Click and find the notification you want to use. You can use the search field to help locate the notification. For that notification, look in the column and enable .
Remember to test your workflow job template to confirm that workflow approval notifications are being sent.
References
For more information, see the Approval nodes section in the Automation Controller User Guide at https://docs.ansible.com/automation-controller/latest/html/userguide/workflow_templates.html#ug-wf-approval-nodes
