[Feature] Use account for tenant and non-tenant deployments?

I want to use my Azure account for both Tenant and non-Tenant deployments, but this doesn’t seem to be allowed. It seems to be one or the other, but not both. That seems like a rather odd design choice to me. Any plans on changing this behavior?

Hi!

Thanks for getting in touch. Could you send some details about the particular error message you are being shown, and when it occurs?

Once you apply a tenant filter, Octopus considers the filter like authorization: Only matching tenants can use this account. Consider the case where you are using a customer’s Azure Account to deploy their instances of your applications, you wouldn’t want to accidentally use their Azure Account for deploying another un-tenanted application.

If you leave the “tenant filter” for the Azure Account blank, you should be able to use the Account for both tenanted and un-tenanted deployments.

If this doesn’t help, or still doesn’t seem like the right choice to cater for your scenario, could you send through some more details as to the specific situation? I’m really interested! :slight_smile:

In case it helps we’ve also been having some related conversations about tenanted/un-tenanted deployment targets over here: http://help.octopusdeploy.com/discussions/questions/9031-tennant-and-non-tennant-deploys-to-the-same-server

Hope that helps!
Mike

Here’s my repro steps:

  • Create project that allows both tenant and non-tenant deployments
  • Create Azure account and don’t add tenant
  • Create a couple of tenants
  • Do a non-tenant deployment
  • Then use this release to do a tenant deployment.

This gives me the following error:
Contoso is not authorized to use the Azure account. Either authorize Contoso to use the Azure account, or create a new account for Contoso to use.
Once you have corrected these problems you can try again.
If the problem is related to a variable you will need to update the variables for this release or recreate the release for the changes to take effect.
If the problem is related to the deployment process you will need to create a new release for the changes to take effect.

So just to be clear. This:

If you leave the “tenant filter” for the Azure Account blank, you should be able to use the Account for both tenanted and un-tenanted deployments.

Does not seem to be true.

Hi!

Thanks for getting back to me. I’ve confirmed with the other developers that we made Development Targets and Accounts behave similarly as a safe-by-default choice for Octopus 3.4.0: tenanted deployments will use “tenanted” accounts, and un-tenanted deployments will use “un-tenanted” accounts.

I agree this doesn’t make sense out of the gate if you have a common set of Accounts for everything, and want to share the single account across both tenanted and un-tenanted deployments.

We are having discussions about adding a feature to allow you to configure both ends of the deployment regarding tenants. Each project can already configure whether it allows tenanted deployments, and we think it makes sense for you to configure whether accounts and deployment targets should be used for:

  • Tenanted deployments only (empty tenant filter means ANY/ALL tenants can use this account/target)
  • Either tenanted or un-tenanted deployments (tenant filter would only apply for tenanted deployments)
  • Un-tenanted deployments only (tenant filter would be cleared and disabled/ignored since tenanted deployments would always exclude this target/account)

This would give Octopus the information it needs to determine which deployments would be authorized to use certain Accounts, as well as which Deployment Targets to incorporate into the deployment.

The other thread is here: http://help.octopusdeploy.com/discussions/questions/9031-tennant-and-non-tennant-deploys-to-the-same-server

Does this sound like it would help in your situation?

Hope that helps!
Mike

That would definitely help!

What would a rough ETA be for this? It’s the only thing that’s missing to get our environment up and running. (Don’t mean to rush you or anything :wink: )

Hi,

Thanks for getting back to me. I can’t really offer an ETA, but I expect we’ll add a GitHub Issue to handle these situations and you can track it from there.

Hope that helps!
Mike

Alright, thanks!

We’ve decided to use a Dummy tenant for now and make the project tenant-only.

Hi!

Here is the GitHub Issue to track: https://github.com/OctopusDeploy/Issues/issues/2722

Hope that helps!
Mike