Releases: upbound/function-approve
v0.1.0
🎉 First Stable Release
We're excited to announce the first stable release of function-approve - a Crossplane Composition Function for implementing robust
manual approval workflows in your infrastructure pipelines.
🚀 Key Features
Approval-Based Pipeline Control
- Fatal Result Mechanism: Uses Crossplane's fatal results to completely halt pipeline execution when approval is required
- Hash-Based Change Detection: Automatically detects changes using SHA256 hashing of specified data fields
- Explicit Approval Required: Changes only proceed after manual approval via status.approved: true
Rich Status Feedback
- ApprovalRequired Conditions: Detailed conditions showing what needs approval
- Comprehensive Error Messages: Clear messaging about required approvals with hash comparisons
- Approval History: Tracks approved state via currentHash field
Simple Configuration
- Minimal API: Clean, intuitive configuration options
- Sensible Defaults: Works out-of-the-box with minimal configuration
- Flexible Field Mapping: Configure which fields to monitor and where to store state
📋 Configuration Options
🔧 How It Works
- Change Detection: Function calculates SHA256 hash of monitored field
- Approval Check: Compares with previously approved hash in status.currentHash
- Pipeline Control: Returns fatal result if changes detected and not approved
- Approval Processing: Updates currentHash and resets approval flag after approval
- Status Feedback: Provides clear conditions and error messages for operators
💡 Example Usage
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
spec:
pipeline:
- step: require-approval
functionRef:
name: function-approve
input:
apiVersion: approve.fn.crossplane.io/v1alpha1
kind: Input
dataField: "spec.resources"
approvalField: "status.approved"
currentHashField: "status.currentHash"
detailedCondition: true
approvalMessage: "Infrastructure changes require approval"
🎯 Design Principles
- Fail-Safe: Defaults to requiring approval for safety
- Transparent: Clear status reporting and error messages
- Simple: Minimal configuration with sensible defaults
- Reliable: Uses proven fatal result mechanism for pipeline control
📚 Documentation
- Complete Examples: Ready-to-use composition and XRD examples
- Configuration Guide: Detailed documentation for all options
- Best Practices: Security and workflow recommendations
- Troubleshooting: Common issues and solutions
🔄 Approval Workflow
- Make changes to monitored resource fields
- Function detects changes and halts pipeline with fatal result
- Review changes via resource conditions and status
- Approve changes: kubectl patch --type=merge --subresource=status -p '{"status":{"approved":true}}'
- Pipeline resumes and applies approved changes
- Function updates currentHash and resets approval flag
🌟 Benefits
- Infrastructure Safety: Prevent accidental changes to critical resources
- Change Visibility: Clear audit trail of what was approved when
- Compliance: Support regulatory requirements for change approval
- Team Coordination: Enable review processes for infrastructure changes
- Risk Reduction: Catch and review potentially dangerous modifications
📦 Installation
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
name: function-approve
spec:
package: xpkg.upbound.io/upbound/function-approve:v0.1.0
🔮 What's Next
This stable release provides a solid foundation for approval workflows. Future enhancements may include:
- Multi-step approval processes
- Integration with external approval systems
- Advanced notification capabilities
- Approval timeout mechanisms
Get Started: Check out the ./example/ directory for complete working configurations.
Need Help?: Visit our ./README.md or open an issue for support.
Security: Report security issues privately via GitHub Security Advisories.