Project

General

Profile

Feature #22632

Lifecycle environment promotion with approval

Added by Ondřej Pražák over 1 year ago. Updated about 1 year ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Lifecycle Environments
Target version:
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

We aim to achieve a separation of duties across system administrators who have access to Foreman and managing Puppet configuration. This requires implementation of a workflow for puppet where a sysadmin will need approval from a delegated release manager prior to deploying the configuration on to production systems.

We do not have a git repository deployed and at this stage we do not have plans to develop puppet modules. What we want is the ability to import a puppet module as required, take the module through a lifecycle of testing, then have a decision point for approval from a release manager to deploy to the hosts.

We would like pending approval to block promoting even if sysadmin has sufficent permissions to promote and promotion to be enabled again only after release manager gave an approval.
We do not need approvals for all promotions, so we would like to specify if approval is required or not.

History

#1 Updated by Ondřej Pražák over 1 year ago

  • Category changed from Roles and Permissions to Lifecycle Environments
  • Subject changed from Lifecycle environment promotion with approval to Lifecycle environment promotion with approval

#2 Updated by Justin Sherrill over 1 year ago

  • Legacy Backlogs Release (now unused) set to 114

#3 Updated by Thomas McKay about 1 year ago

One possibility is to use the new pre/post contentview promote hooks here http://projects.theforeman.org/issues/23438

A larger design to expose gating for content promotion would be useful. For container images, for example, I may put criteria that the image must have a valid signature and no know vulnerabilities before promoting to my production environment. This could be done through the hooks but I'm unsure how to expose information back to the user on the failure of criteria.

Also available in: Atom PDF