Project

General

Profile

Actions

Feature #22632

open

Lifecycle environment promotion with approval

Added by Ondřej Pražák about 6 years ago. Updated over 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Lifecycle Environments
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

We aim to achieve a separation of duties across system administrators who have access to Foreman and managing Puppet configuration. This requires implementation of a workflow for puppet where a sysadmin will need approval from a delegated release manager prior to deploying the configuration on to production systems.

We do not have a git repository deployed and at this stage we do not have plans to develop puppet modules. What we want is the ability to import a puppet module as required, take the module through a lifecycle of testing, then have a decision point for approval from a release manager to deploy to the hosts.

We would like pending approval to block promoting even if sysadmin has sufficent permissions to promote and promotion to be enabled again only after release manager gave an approval.
We do not need approvals for all promotions, so we would like to specify if approval is required or not.

Actions #1

Updated by Ondřej Pražák about 6 years ago

  • Subject changed from Lifecycle environment promotion with approval to Lifecycle environment promotion with approval
  • Category changed from Roles and Permissions to Lifecycle Environments
Actions #2

Updated by Justin Sherrill about 6 years ago

  • translation missing: en.field_release set to 114
Actions #3

Updated by Thomas McKay almost 6 years ago

One possibility is to use the new pre/post contentview promote hooks here http://projects.theforeman.org/issues/23438

A larger design to expose gating for content promotion would be useful. For container images, for example, I may put criteria that the image must have a valid signature and no know vulnerabilities before promoting to my production environment. This could be done through the hooks but I'm unsure how to expose information back to the user on the failure of criteria.

Actions

Also available in: Atom PDF