I have one project that is my “Admin” project. It has things that normal users should not even know are there. (Scripts to administer the Octopus Deploy Space and my infrastructure.)
I would like to give Project Viewer access to all projects except that one. I see that I can whitelist individual projects / project groups or whitelist all projects / project groups.
But if I do that, then each time I add a project, I have to go back to all my teams and add that new project into the whitelisted group.
Is there a way I can just blacklist a single project / project group? (Grant Project Viewer to all projects except my Admin project.)
Thanks for the great question, the best way to do this would likely be to use Spaces here, to create an Admin space, and then restrict that to just yourself and other applicable admins.
This would likely be the least labor-intensive solution here, as you’ve correctly guessed, there’s no way to blacklist a single project.
If you’re running 2021.1, the best way is to use the import/export feature that we added in this version. You can find details of it in our documentation here: Exporting and Importing Projects - Octopus Deploy
In older versions, you’ll likely want to use the API to perform most of the work- our Solutions team have created some scripts to handle that, available here: GitHub - OctopusDeployLabs/SpaceCloner: A tool to clone/sync a space, project, and/or other items between - keep in mind, this uses the REST API, which does not have access to sensitive variables and other encrypted data. If you’re on 2021.1, or in a position to upgrade, I’d strongly recommend using the new functionality.
I used the Export and Import and for the most part it seems to be working. Thank you for the suggestion.
I have two pieces of feedback for that process. One is a bug (I think) and one is a feature request:
Bug: When I imported my project, my Runbook Trigger did not get imported. Everything else was just fine, but the runbook trigger was not there. (I only had one so it was not a big deal to just re-create it.)
Feature Request: When importing the project, allow an option to rename it at the same time. This would help for scenarios where the importing of a project is used to stamp out new projects.
I would use this to make “True Copies” of a project (including Tenants).