1

How would one go about creating a secure means of deploying a package by way of Octopus Deploy?

Implementing a duplicate team, former for developers to deploy to development environment, the latter, to deploy to staging/production environment, with identical roles and specific users that would be team leads that can only deploy to staging/production.

The idea is to prevent developers from having to deploy or promote to staging/production as means of security.

It seems rather clunky in having a duplicate team, and would cause confusion especially when new octopus projects are created in the regards of syncing up between the duplicate teams.

What would you advise/recommend in this approach?

Ninja Edit I have included the tags and as that is the idea - teamcity, when a build process is kicked off, that will deploy a build eventually leading to octopus deploy which will carry out the deployment process to that environment.

James Woolfenden
  • 6,498
  • 33
  • 53
tombags
  • 61
  • 1
  • 5
  • Can't you adjust the out of the box octopus deploy user role matrix to prevent developers from deploying to the higher environments?? – Kye Sep 25 '16 at 10:48
  • @kye can you clarify what you meant - did not understand your comment. – tombags Sep 27 '16 at 11:41

1 Answers1

1

We're in a similar situation where developers are responsible for the DEVELOPMENT environment, testers for TEST and the operations team for PREPROD and PROD.

This is enforced by providing all users with access to Octopus Deploy, creating environment specific teams with roles scoped to particular environments; and assigning users to teams.

http://docs.octopusdeploy.com/display/OD/Managing+users+and+teams

Kye
  • 5,919
  • 10
  • 49
  • 84
  • What about, when adding new projects, or adding new users, to me, the roles are somewhat, I think, more of controlling how the website appears rather than anything else. – tombags Sep 30 '16 at 09:38
  • Are you suggesting that the permissions are not enforced and are only used for display? You've trusted the tool to deploy your product, may as well go all the way. – Kye Sep 30 '16 at 10:17
  • The role specificially for deploying/project contributor/initiator/deployer, requires additional roles such as task view log for example, if that task view log is absent, a error appears on the webpage (which is what I am interpreting) There are others which if not present, shows an error box, like, machine view, environment view. Does adding a role on top of team that has another role, combine the checkboxes for each item or cancel out? – tombags Sep 30 '16 at 10:57
  • 1
    You just need to have a play around with it for a few days until you find a good fit. http://docs.octopusdeploy.com/plugins/servlet/mobile#content/view/3048105 – Kye Sep 30 '16 at 11:16