diff --git a/docs/database-devops/use-database-devops/governance/audit-trails.md b/docs/database-devops/use-database-devops/governance/audit-trails.md index 2281a408a96..dd65118bb7b 100644 --- a/docs/database-devops/use-database-devops/governance/audit-trails.md +++ b/docs/database-devops/use-database-devops/governance/audit-trails.md @@ -22,8 +22,6 @@ tags: --- -## Introduction - With Audit Trail in Harness, you can view and track changes to your Harness resources within your Harness account. The audit data retention period is 2 years. Harness reserves the right to delete audit data after 2 years. You can request a longer retention period by contacting Harness. For example, if you require audit data for legal discoveries, etc., contact Harness and we can help. @@ -39,15 +37,13 @@ The Account Audit Trail includes the following Database Devops events: | DB Schema | Create, Update, Delete | | DB Instance | Create, Update, Delete | - - Each event in the Account Audit Trail list provides the following details: 1. **Action:** Describes the specific activity, such as logging in or deleting. 2. **Resource name and Type:** Identifies the resource type and its name where the event occurred. For example, monitored service, agent, or user. 3. **Organization and Project:** Name of the organization and the project in which the event occurred. -![](./static/audit-trail.png) +![Audit Trails](./static/audit-trail.png) When you click on a resource name, you will be directed to the corresponding event page. For instance, clicking on a DB Schema resource will take you to the schema listing page, while clicking on a DB Instance resource will redirect you to the instance list page. @@ -61,4 +57,4 @@ To see more information about a particular event, select the messaging icon next You can also see a snapshot of changes in YAML format by expanding YAML Difference. -![](./static/yaml-diff-audit-trail.png) +![Database Devops Audit Trails](./static/yaml-diff-audit-trail.png) diff --git a/docs/database-devops/use-database-devops/governance/static/preview-and-approval-using-harness-ui.png b/docs/database-devops/use-database-devops/governance/static/preview-and-approval-using-harness-ui.png new file mode 100644 index 00000000000..d926a2dd770 Binary files /dev/null and b/docs/database-devops/use-database-devops/governance/static/preview-and-approval-using-harness-ui.png differ diff --git a/docs/database-devops/use-database-devops/governance/using-approval-gates-with-harness-ui.md b/docs/database-devops/use-database-devops/governance/using-approval-gates-with-harness-ui.md new file mode 100644 index 00000000000..5c6ce9140d7 --- /dev/null +++ b/docs/database-devops/use-database-devops/governance/using-approval-gates-with-harness-ui.md @@ -0,0 +1,162 @@ +--- +title: Preview SQL with Manual Approval +description: Learn how to preview SQL changes in Harness DB DevOps pipelines and enforce manual approval before applying schema changes. +sidebar_position: 11 +keywords: + - preview sql + - harness dbops + - manual approval + - database pipeline + - sql review + - schema deployment + - db change governance + - harness database devops + - dbops approval workflow +tags: + - harness-db-devops + - sql-preview + - approval-gates + - deployment-safety + - governance + +--- + +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; + +Harness DB DevOps allows you to integrate a **Preview SQL** step in your pipeline to review generated SQL before applying schema changes to the database. +This workflow ensures **governance, visibility, and control**, as you can add a **Manual Approval** step between previewing and executing the changes. + +The typical workflow looks like this: + +1. Clone the Git repository containing migration scripts. +2. Run the **Preview SQL** step to generate SQL for the changes. +3. Pause the pipeline at a **Manual Approval** gate for human verification. +4. After approval, proceed with the **DB Schema Apply** step to deploy the changes. + + + + +![preview-and-approval-using-harness-ui](./static/preview-and-approval-using-harness-ui.png) + + + +```yaml +pipeline: + name: mux-sql + identifier: muxsql + projectIdentifier: default_project + orgIdentifier: default + tags: {} + stages: + - stage: + name: deploy + identifier: deploy + description: "preview SQL changes in Harness DB DevOps pipelines and enforce manual approval before applying schema changes." + type: Custom + spec: + execution: + steps: + - stepGroup: + name: preview + identifier: preview + steps: + - step: + type: LiquibaseCommand + name: Preview + identifier: Preview + spec: + connectorRef: account.harnessImage + command: " update-sql" + dbSchema: cockroachDB + dbInstance: cab + timeout: 10m + stepGroupInfra: + type: KubernetesDirect + spec: + connectorRef: db + - step: + type: HarnessApproval + name: Approval + identifier: Approval + spec: + approvalMessage: Please review the following information and approve the pipeline progression + includePipelineExecutionHistory: true + isAutoRejectEnabled: false + approvers: + userGroups: + - account._account_all_users + minimumCount: 1 + disallowPipelineExecutor: false + approverInputs: [] + timeout: 1d + - stepGroup: + name: deploy + identifier: deploy + steps: + - step: + type: DBSchemaApply + name: DB Schema Apply + identifier: DB_Schema_Apply + spec: + connectorRef: account.harnessImage + dbSchema: cockroachDB + dbInstance: cab + markNextChangeSetRun: true + timeout: 10m + stepGroupInfra: + type: KubernetesDirect + spec: + connectorRef: db + rollbackSteps: [] + serviceDependencies: [] + tags: {} + delegateSelectors: + - harness-gke-delegate +``` + + + +## Setting Up the Workflow + +In your pipeline’s **Execution** tab, add the following steps: + +| Step | Description | +|-----------------|-----------------------------------------------------------------------------| +| **Git Clone** | Clones the migration scripts from the connected Git repository. | +| **Preview SQL** | Generates SQL statements from your changelog or schema definition. | +| **Approval** | Adds a manual approval gate where users must review and confirm SQL changes. | +| **DB Schema Apply** | Applies the approved SQL changes to the target database instance. | + +## SQL Preview + +The **Preview SQL** step shows a generated SQL script based on the detected changes. +This allows DBAs and developers to: + +- Validate the correctness of the SQL. +- Identify potential issues such as destructive changes. +- Ensure compliance with internal policies. + +Example output: + +```sql +CREATE TABLE products +( + id SERIAL, + name TEXT NOT NULL, + price NUMERIC(10,2) NOT NULL DEFAULT 0.00, + CONSTRAINT products_pkey PRIMARY KEY (id) +); +``` +## Manual Approval Step +The Approval step acts as a gate in the pipeline. When the pipeline reaches this stage: +- A notification is sent to the designated approvers. +- Approvers can review the Preview SQL output before continuing. +- The pipeline proceeds to the DB Schema Apply step only after approval. +This ensures that no schema changes are deployed without human validation. + +## Applying Schema Changes +After approval, the pipeline executes the `Apply Schema` step. This deploys the reviewed SQL script to the configured database instance. For example: +- **Preview SQL:** shows the generated ALTER TABLE statement. +- **Approval:** DBA confirms the change is safe. +- **DB Schema Apply:** Executes the approved change on the target database. \ No newline at end of file