"Global" infrastructure accounts

feature
(Simon Lam) #1

In some places infrastructure is managed by chef, puppet, ansible etc that can setup a single user for deployment purposes on the target machines (ssh etc).

Spaces enable great isolation but also a lot of duplication, especially where infrastructure is concerned. I understand the need to have separate machines and accounts however I think it would be especially useful if we could have global accounts that can be used by any space when setting up their deployment targets. Even better would be the ability to limit these accounts to specific spaces if required.

This would allow global accounts to be managed centrally while also allowing space specific accounts if necessary.

You could take the view that this poses a security risk but it’s really no different to having all deployments in the default space, except that the deployments can step over each other’s feet with regards to lifetimes, retention policies and the like. The security is there for those that require it even with global accounts but the ease of use is there for everyone else.

(Michael Richardson) #3

Hi Simon,

This is definitely something we’ll consider for future development.

When we shipped the Spaces feature, we decided that nothing would be shared initially (with the exception of teams). But we fully expected to hear scenarios where it made sense to share some resources. Accounts, machines, library variable sets, step templates, are all candidates for being able to be shared between spaces. I think the mechanism you describe, where they could be configured globally and scoped to specific spaces, would work nicely.

Thank you for the feedback.

(Simon Lam) #4

Awesome, that’s good to hear! I look forward to seeing this on your roadmap :slight_smile:

(system) closed #6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.