Sharing Pipelines
- Run a Solution Catalog Pipeline
- Creating a Solution Catalog
- Controlling Access to Catalogs
- Approve and Deny Access Requests
Pipelines can be shared with other projects, both privately within your organization, and publicly with other organizations. Sharing is facilitated through Solution Catalogs, which are special projects containing one or more pipelines that together comprise a “solution.”
Solution catalogs are ideal for the following scenarios:
- I have a “library” pipeline that I want to include by reference in several other “solution” pipelines which span multiple projects.
- I am a vendor building pipelines containing proprietary content that I want to share with select other organizations that have approved access to this content, such as through a product license.
- I am a vendor building pipelines as a value add to my existing offering, and so I want to make this content freely available to all users in the platform.
Run a Solution Catalog Pipeline
Catalog pipelines can be run directly by browsing the catalogs list, opening a catalog, and clicking the Run button.
Note
- When running a catalog pipeline, it is important to note your current project context. Runs created from the pipeline will be placed in the current project (viewable from the dropdown in the top-right of the application), which in turn determines the runners which are capable of executing the run. Be careful that you don’t run a pipeline in the wrong project!
- Similarly, the catalogs list itself is dependant on the current project context. As a user, you may have access to multiple organizations each with access to different catalogs. Check the current organization (displayed in the top-right of the application) if some catalogs are not appearing.
To control the inputs and trigger for a catalog pipeline, we can also create a Job. Jobs are useful when we don’t want to re-enter the pipeline variables every time we run, or to run the pipeline on a recurring schedule.
Click here to read more about Jobs.
To create a Job from a catalog pipeline, visit the Jobs page and select “New Job”:
Deleted and Revoked Catalog Pipelines
Because catalog pipelines are typically managed outside the project that is running them, it’s possible for access to a catalog to be lost in the following ways:
- The catalog may be deleted.
- Pipelines in the catalog may be deleted.
- If the catalog requires access approval, access may have been revoked.
When a job or pipeline utilizes an inaccessible catalog pipeline, you will encounter errors in the application and you will be unable to create new pipeline revisions (for includes), run the job or pipelines, or clone the pipeline. When utilizing 3rd-party pipeline catalogs, ensure that you understand the maintenance lifecycle of the upstream project. In many cases it may make sense to clone, rather than to include, catalog pipelines.
Creating a Solution Catalog
Prerequisites
Note the following before publishing your first solution catalog:
- In order to publish catalogs publicly (both with and without approval), organizations must be explicitly granted permission by a Sophos Factory support techinician. Please reach out to your technical contact if you would like to publish catalogs publicly.
- Your organization’s plan must be Enterprise Starter or higher. Catalogs are not supported for trial or community plans.
- Upon publishing, your organization will become publicly searchable by all users in the platform. It’s highly recommended to upload a company logo image by visiting the Account Settings page.
- Only organization administrators can publish and manage catalogs. Additionally, the user must have access to the catalog project with the “admin” role.
- Be careful that you do not accidentally publish any secret values in your pipeline variables or elsewhere.
Solution catalogs are created from existing projects. Once you have a project, visit the Project Settings page and find the “Share as Catalog” button:
Initially, the catalog will be created as a “draft”, which is not viewable by other projects or organizations. While in draft mode, you’ll have an opportunity to configure the summary, description, product/support links, image, and published pipelines before sharing the catalog. These fields are required before publishing, and the remaining items are displayed on the project page:
Controlling Access to Catalogs
Each catalog has an “access scope” which determines who can view and utilize catalog pipelines. The scopes are:
- Draft: Pipelines from the catalog cannot be viewed, run, or included. The catalog can only be viewed in the catalog list by organization administrators.
- Private: The catalog is shared privately with your organization. All other projects in the organization can run and include the published pipelines.
- Public with Approval: The catalog itself is viewable by all other organizations, but the pipelines cannot be viewed or run until an access request is sent and approved by an administrator in the owner organization. Access requests can be sent by visiting the Solution Catalogs page.
- Public: The catalog and its pipelines are public and can be viewed, run, and included without approval.
To change the access scope for a catalog, visit the Project Settings page:
Note
The access scope of a catalog can only be changed by increasing the level of access. A public catalog cannot be made private. A catalog that does not require approval cannot be changed to require approval.Approve and Deny Access Requests
To manage incoming catalog access requests, visit the “Project Settings” page and navigate to “Catalog Access”. Here we can view organizations with existing access to the catalog, as well as pending access requests which we can approve or deny.
