Lifecycle environment promotion with approval
We aim to achieve a separation of duties across system administrators who have access to Foreman and managing Puppet configuration. This requires implementation of a workflow for puppet where a sysadmin will need approval from a delegated release manager prior to deploying the configuration on to production systems.
We do not have a git repository deployed and at this stage we do not have plans to develop puppet modules. What we want is the ability to import a puppet module as required, take the module through a lifecycle of testing, then have a decision point for approval from a release manager to deploy to the hosts.
We would like pending approval to block promoting even if sysadmin has sufficent permissions to promote and promotion to be enabled again only after release manager gave an approval.
We do not need approvals for all promotions, so we would like to specify if approval is required or not.
#3 Updated by Thomas McKay about 1 year ago
One possibility is to use the new pre/post contentview promote hooks here http://projects.theforeman.org/issues/23438
A larger design to expose gating for content promotion would be useful. For container images, for example, I may put criteria that the image must have a valid signature and no know vulnerabilities before promoting to my production environment. This could be done through the hooks but I'm unsure how to expose information back to the user on the failure of criteria.