We have multiple applications across multiple business units (BUs). It seems as though the only good way to enforce security so that one application from one BU does not get deployed to another BU’s servers is by creating separate environments, as security can be enforced by project or environment.
For example, what we’d like to have is the following lanes (environments): Development, QA, UAT, Prod. What we end up with is BU1 Development, BU2 Development, BU1 QA, BU2 QA and so on.
I’ve read some discussions indicating that we should be leveraging specific machine roles to better target our deployments, but it doesn’t look as though Octopus Deploy allows security based on machine role. During our POC, we took this route - we had a single Development environment housing servers from all BUs, and each one was tagged with one or more very specific roles. Unfortunately, someone had a typo in their deployment process and was able to easily deploy to a server that was not theirs.
So… I’m looking for a little guidance on best practice here, along with hoping that someone can tell me that machine role security trimming is somewhere on the backlog.
Any advice would be welcome.
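The failure described above (a mistyped role in a shared environment resolving to another BU's server) can be caught before deployment by resolving each step's target roles against an ownership inventory. This is an added example, not part of the original post and not Octopus Deploy code; it calls no Octopus API, and the inventory layout, machine names, role names and function names are all hypothetical.

```python
"""Pre-deployment guard: resolve each step's target roles to machines and
reject any deployment that would land on another business unit's server.
All inventory data below is constructed for illustration."""

# Constructed inventory for one shared "Development" environment.
MACHINES = {
    "dev-web-01": {"bu": "BU1", "roles": {"bu1-web"}},
    "dev-app-01": {"bu": "BU1", "roles": {"bu1-app"}},
    "dev-web-02": {"bu": "BU2", "roles": {"bu2-web"}},
    "dev-db-02": {"bu": "BU2", "roles": {"bu2-db", "bu2-reporting"}},
}

# Constructed projects: owning BU plus the roles each step targets.
PROJECTS = {
    "bu1-storefront": {"bu": "BU1", "steps": {"Deploy site": ["bu1-web"]}},
    # Two typos: "bu2-web" hits another BU's server, "bu1-ap" hits nothing.
    "bu1-billing": {"bu": "BU1", "steps": {"Deploy site": ["bu2-web"],
                                           "Deploy svc": ["bu1-ap"]}},
}


def audit_project(name, projects=PROJECTS, machines=MACHINES):
    """Return (violations, unmatched) for one project.

    violations: (step, role, machine, machine_bu) for machines owned by a
                different BU than the project.
    unmatched:  (step, role) pairs that resolve to no machine at all.
    """
    project = projects[name]
    violations, unmatched = [], []
    for step, roles in sorted(project["steps"].items()):
        for role in roles:
            hits = sorted(m for m, info in machines.items() if role in info["roles"])
            if not hits:
                unmatched.append((step, role))
            for m in hits:
                if machines[m]["bu"] != project["bu"]:
                    violations.append((step, role, m, machines[m]["bu"]))
    return violations, unmatched


def is_deployable(name, **kw):
    """A deployment passes only when every role resolves inside the owning BU."""
    violations, unmatched = audit_project(name, **kw)
    return not violations and not unmatched
```

A check like this only detects the mistake; it does not replace permission scoping by project or environment, which is the enforcement boundary the post describes.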