Manual Intervention User Restrictions Enforcement

Octopus.Script step template, exported 2025-04-16 by donnybell. It belongs to the ‘Octopus’ category.

Use directly after a Manual Intervention step to enforce additional restrictions.

Use cases include:

  • Preventing users from approving their own deployments
  • Restricting certain users from approving deployments

Parameters

When steps based on the template are included in a project’s deployment process, the parameters below can be set.

Prevent Deployer from approving?

URE.PreventDeployerFromApproving = True

When enabled, this terminates a deployment when the user who initiated the deployment also approves the manual intervention step.

Manual Intervention step name

URE.ManualInterventionStepName =

Select the step name from the drop-down.

Excluded Users

URE.ExcludedUsers =

Usernames of users to be excluded from manual intervention approvals (one per line)

Script body

Steps based on this template will execute the following PowerShell script.

# Name of the Manual Intervention step whose approver is checked
$manIntStepName = $OctopusParameters["URE.ManualInterventionStepName"]

# Log who started the deployment and who approved the intervention
Write-Host "Created by: "$OctopusParameters["Octopus.Deployment.CreatedBy.Username"]
Write-Host "Approved by: "$OctopusParameters["Octopus.Action[$manIntStepName].Output.Manual.ResponsibleUser.Username"]

# The deployer is only recorded when the self-approval check is enabled;
# otherwise $deploymentCreatedByUsername stays unset
If ($OctopusParameters["URE.PreventDeployerFromApproving"] -eq $true) {
  $deploymentCreatedByUsername = $OctopusParameters["Octopus.Deployment.CreatedBy.Username"]
}
$approvedByUsername = $OctopusParameters["Octopus.Action[$manIntStepName].Output.Manual.ResponsibleUser.Username"]

# Stop the deployment when the approver is the user who started it
If ($approvedByUsername -eq $deploymentCreatedByUsername) {
  Write-Warning "The same user may not be used to both start the deployment and approve the deployment."
  Write-Warning "Please retry the deployment with a different approver for the $manIntStepName step."
  throw "Terminating deployment..."
}
Else {
  # Otherwise stop the deployment when the approver is in the excluded list (one username per line)
  $excludedUserList = $OctopusParameters["URE.ExcludedUsers"].Split([System.Environment]::NewLine)
  If ($excludedUserList -contains $approvedByUsername) {
    Write-Warning "The user $approvedByUsername may not approve this deployment."
    Write-Warning "Please retry the deployment with a different approver for the $manIntStepName step."
    throw "Terminating deployment..."
  }
}

# Note in the log when neither restriction is configured
If (($OctopusParameters["URE.PreventDeployerFromApproving"] -ne $true) -and (!$excludedUserList)) {
  Write-Host ">>>PreventDeployerFromApproving set to FALSE"
  Write-Host ">>>ExcludedUsers contain no value(s)"
}
Write-Host "Check complete"
Write-Host "Continuing..."

Provided under the Apache License version 2.0.
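
A hardened variant of the check above, as an added example that is not the template's own code: it fails closed when no approver can be resolved, and it splits the excluded-user list on either CRLF or LF with surrounding whitespace trimmed. The function name Test-ApproverAllowed, its parameters and the sample usernames are assumptions made for illustration.

```powershell
# Added example, not part of the step template. Names are hypothetical.
function Test-ApproverAllowed {
    param(
        [string]$CreatedBy,
        [string]$ApprovedBy,
        [string]$ExcludedUsersText,
        [bool]$PreventDeployerFromApproving = $true
    )
    # Fail closed: with no resolved approver (e.g. a wrong step name) nothing can be verified.
    if ([string]::IsNullOrWhiteSpace($ApprovedBy)) {
        return [pscustomobject]@{ Allowed = $false; Reason = 'Approver could not be resolved' }
    }
    $approver = $ApprovedBy.Trim()
    if ($PreventDeployerFromApproving -and $approver -eq $CreatedBy.Trim()) {
        return [pscustomobject]@{ Allowed = $false; Reason = 'Deployer approved own deployment' }
    }
    # [Environment]::NewLine differs by OS, while the list text may use either line ending.
    # -split takes a regex, so CRLF and LF both work; blank lines are dropped.
    $excluded = @($ExcludedUsersText -split '\r?\n' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ })
    if ($excluded -contains $approver) {
        return [pscustomobject]@{ Allowed = $false; Reason = "User $approver is excluded" }
    }
    return [pscustomobject]@{ Allowed = $true; Reason = 'OK' }
}

# Constructed sample inputs (not real deployments).
$cases = @(
    @{ CreatedBy = 'alice'; ApprovedBy = 'alice'; ExcludedUsersText = '' },
    @{ CreatedBy = 'alice'; ApprovedBy = 'bob';   ExcludedUsersText = "carol`r`nbob `r`n" },
    @{ CreatedBy = 'alice'; ApprovedBy = '';      ExcludedUsersText = 'carol' },
    @{ CreatedBy = 'alice'; ApprovedBy = 'dave';  ExcludedUsersText = "carol`nbob" }
)
foreach ($c in $cases) {
    $r = Test-ApproverAllowed @c
    '{0,-6} approved by {1,-6} -> Allowed={2} ({3})' -f $c.CreatedBy, $c.ApprovedBy, $r.Allowed, $r.Reason
}
```

Inside a step, the inputs would come from the same $OctopusParameters keys the template reads, with a throw when Allowed is false.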

To use this template in Octopus Deploy, copy the JSON below and paste it into the Library → Step templates → Import dialog.

{
  "Id": "06080873-f7f1-47e9-aaac-7ec1927f8146",
  "Name": "Manual Intervention User Restrictions Enforcement",
  "Description": "Use directly after a Manual Intervention step to enforce additional restrictions.\n\nUse cases include: \n- Preventing users from approving their own deployments\n- Restricting certain users from approving deployments",
  "Version": 2,
  "ExportedAt": "2025-04-16T21:40:42.587Z",
  "ActionType": "Octopus.Script",
  "Author": "donnybell",
  "Packages": [],
  "Parameters": [
    {
      "Id": "d3e12917-2af0-4cff-988a-083e30a36314",
      "Name": "URE.PreventDeployerFromApproving",
      "Label": "Prevent Deployer from approving?",
      "HelpText": "When enabled, this terminates a deployment when the user who initiated the deployment also approves the manual intervention step",
      "DefaultValue": "True",
      "DisplaySettings": {
        "Octopus.ControlType": "Checkbox"
      }
    },
    {
      "Id": "4ec5ca6e-b033-44f9-8746-e926d853b4ec",
      "Name": "URE.ManualInterventionStepName",
      "Label": "Manual Intervention step name",
      "HelpText": "Select the step name from drop down",
      "DefaultValue": "",
      "DisplaySettings": {
        "Octopus.ControlType": "StepName"
      }
    },
    {
      "Id": "fed4cffe-d286-4793-ac6b-0d0b3ac35b27",
      "Name": "URE.ExcludedUsers",
      "Label": "Excluded Users",
      "HelpText": "Usernames of users to be excluded from manual intervention approvals (one per line)",
      "DefaultValue": "",
      "DisplaySettings": {
        "Octopus.ControlType": "MultiLineText"
      }
    }
  ],
  "Properties": {
    "Octopus.Action.Script.ScriptSource": "Inline",
    "Octopus.Action.Script.Syntax": "PowerShell",
    "Octopus.Action.Script.ScriptBody": "$manIntStepName = $OctopusParameters[\"URE.ManualInterventionStepName\"]\n\nWrite-Host \"Created by: \"$OctopusParameters[\"Octopus.Deployment.CreatedBy.Username\"]\nWrite-Host \"Approved by: \"$OctopusParameters[\"Octopus.Action[$manIntStepName].Output.Manual.ResponsibleUser.Username\"]\n\nIf ($OctopusParameters[\"URE.PreventDeployerFromApproving\"] -eq $true) {\n  $deploymentCreatedByUsername = $OctopusParameters[\"Octopus.Deployment.CreatedBy.Username\"]\n}\n$approvedByUsername = $OctopusParameters[\"Octopus.Action[$manIntStepName].Output.Manual.ResponsibleUser.Username\"]\n\nIf ($approvedByUsername -eq $deploymentCreatedByUsername) {\n  Write-Warning \"The same user may not be used to both start the deployment and approve the deployment.\"\n  Write-Warning \"Please retry the deployment with a different approver for the $manIntStepName step.\"\n  throw \"Terminating deployment...\"\n}\nElse {\n  $excludedUserList = $OctopusParameters[\"URE.ExcludedUsers\"].Split([System.Environment]::NewLine)\n  If ($excludedUserList -contains $approvedByUsername) {\n  Write-Warning \"The user $approvedByUsername may not approve this deployment.\"\n  Write-Warning \"Please retry the deployment with a different approver for the $manIntStepName step.\"\n  throw \"Terminating deployment...\"\n  }\n}\n\nIf (($OctopusParameters[\"URE.PreventDeployerFromApproving\"] -ne $true) -and (!$excludedUserList)) {\n  Write-Host \">>>PreventDeployerFromApproving set to FALSE\" \n  Write-Host \">>>ExcludedUsers contain no value(s)\"\n}\nWrite-Host \"Check complete\"\nWrite-Host \"Continuing...\"\n  "
  },
  "Category": "Octopus",
  "HistoryUrl": "https://github.com/OctopusDeploy/Library/commits/master/step-templates//opt/buildagent/work/75443764cd38076d/step-templates/Manual-Intervention-User-Restrictions-Enforcement.json",
  "Website": "/step-templates/06080873-f7f1-47e9-aaac-7ec1927f8146",
  "Logo": "iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAMAAACahl6sAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAC1QTFRFT6Tl////L5Pg8vj9Y67omsvwPJrisdfzfbzs5fL7y+T32Ov5isLucLXqvt31CJPHWwAABMJJREFUeNrs3deW4jAMAFDF3U75/89dlp0ZhiU4blJEjvQ8hYubLJsA00UCBCIQgQhEIAIRiEAEIhCBCEQgAhGIQAQiEIEIhD8kJm+t+QprfdKfB9HbYpx6CWfspj8HMi+gMgHL/AmQA8W3JTKH+ALFvzCeL0RbpyoCPE9IJeNOSQwh5Z3qd6yRGWQ2qi2cZQWxqj1WzQYSjeoJmJlAklOd4VlArOqPhQEkqBERToeMcfRJBkC0Uep8CfBpjz4JsHJ0zF3dkEWNje0kiB/sUC6eApndaIiCMyAa1PiwJ0AWhRGJHJJQHG2dC7h1rNbO1QOxSA7lNCkkKrQIpJCAB1GREILYIC1NAiwbpKFJgGWDNExcwGstfExcZBCHC6nOglshHtmhViLIig1RNBCN7qjtW8C0Z1UvJcC1Z9XmwMBzzvobmgAyEzgq91dtEEsBsQSQQAFZCSBAATEEEApHZbrVBIkkEIUPSVeB+KtALA0kXQUSrwKZBCIQBnk8Y4i5CsReBeKvkqLM+BCSDWJlrZFvGk9SRTHshkgjZCGAaArIxm3H3grhVzFlW2msfl1ca79UJ1bofYvsDHHlNdTZnlh5MghuPd5NdBDUNZHyCkfktIh03XzALGRPlBDPac7qgWjHZzWcmF5zmmkhidMQ6boKiDXcDTUEaylZqCGJ0Vjvu/fLJtHqhSANEvqb2OYqkOUqEHuVMbJcZdZCGiPhKhC4yjqiIjEE7XThMp8fAWII3mY3kUIQD+AMKQTzPiBhgQ63HlT/KSvgtoi0dq5mCPah1UIE0eh3sT0NhOByvKeAkFzi8PgQomumFhsyOxpIzZN4gLOj5plVwNpR0b2AuePWKBEHQu24pSsJA+LVCeHHQxZ1SiyDIdqok8IOhSSnTottHEQTdyt4ettAj4KkzA4dMikk2Dht2S5ptm1vswnPDxn0YyDZ5oDM3iToo2T5voWaYe+Q+vdjH80QyAzZhCgcDtLMI1Tmtz9w++XHgziHQHJJu/OZ3bs9Xn8gQ72NcP3dKqEfkp10F51xhoIi2I91R+LurXV/5q7pH+wx061CzO16oSQleMyr8fXvwMA0Pro8432DPD/ySx8XrHfSuDAM8n6UhnjQabaiXf5Bq/lREHvEeNtn1rJ08+C/uXkQZHeguxAPC3UvtcJYUogLzZX5hhZZvS6onG5lxXtzWGaygwb79vT/IXhdlNibwlKYOR6T8xjI7W8n+xV7T+GH4tMzWwR+lZhRkJYSsC0thpmCYqyngOz3rN2FLBZ2wZflBCggUHF0Vnp88JKienzIXLSEZCZqU7IKr/gQW9yx3pzV7Y9kvWZWTRRIqDmTtRUnU7b2lLcTYmoqHqnmiO1poER0SPkAeZMAZxaJx0Y3TCdAclsIqDz03ALcyxfTCZBsthoGXWmigGyVhWPLFJJfuuKQWycoEFdXbH4dJJoJxNR1eD/kshz6yn48cF8yW8sFoitflB1w6Q8n+/15Za7oA17/pYNmYgP5fmWm8L1NOHPWgK8kuFew1/JXtOA0yJCv7ah7X8ObUuT5kObU30+fDZm8+zqP+HTIpK0xQ796b5Kv2hSIQAQiEIEIRCACEYhABCIQgQhEIAIRiEAEIpBf8UeAAQAEjtYmlDTcCgAAAABJRU5ErkJggg==",
  "$Meta": {
    "Type": "ActionTemplate"
  }
}

History

Page updated on Wednesday, April 16, 2025