Customer Use Case
We are using version and snapshot statuses extensively in our UrbanCode Deploy governance model. We designed a set of generic processes for applying statuses and verifying them before deployments.
How can we make sure users do not subvert the system and run these processes directly? We want to ensure the processes can only be called from application processes.
When a generic process is called from an application process or another generic process, the child process gets a processId property set. That property is not set when the process is run directly.
You can add a step to the beginning of the child process that simply fails if the processId property is not set. Here is an example Run Groovy Script step:
println "This process may not be run directly. It must be called by another process." System.exit(1)
If a user runs the generic process directly, the Groovy step runs, and the process fails. If a user calls the generic process from any other process, the Groovy step does not run, and the process continues.
Have any questions? Leave a comment below.