Using deploy extension from TFVC display wrong auditing

oferba · 8 April 2019 08:29

Hey Team

I am using the extensions (TFVC) Deploy / Create a Release, all working fine. The issue is that Octopus deploy deployment task summery indicate the name of the user whose create the Task in the TFVC, but not the name of user who trigger the build.
In both cases (TFVC and Octopus) authentication is via AD.
Is there any way to display and audit the user who trigger the build and the deploy.

Many Thanks
Ofer

Michael_Noonan · 9 April 2019 02:58

Hi Ofer,

Thanks for getting in touch! It sounds like the end result you want is:

Ofer clicks Build in TFS
TFS calls octo.exe create-release ...
The Release in Octopus should look like it was created by Ofer

Does that sound about right?

Unfortunately, that is not possible due to the way TFS allows us to integrate with Octopus.

When you configure a Connection to Octopus, you typically use an API Key so TFS can authenticate with Octopus. That API Key is tied to a single user account in Octopus, typically a Service Account. The result: every action performed in Octopus using that Connection will be performed by that single user account.

In this case, to get the full picture of “who created a release in Octopus” you will have to go back through to TFS and see what triggered the build to start. In the real world this “chain of custody” can get complicated:

Ofer commits code changes to source control, which triggers a build automatically, which results in a release being created in Octopus. In this case TFS will not say Ofer started the build, it was the change in source code which triggered the build.
Mike manually starts a new build of his own code change in TFS, which results in a release being created in Octopus.
Mike manually starts a new build of Ofer’s code change in TFS, which results in a release being created in Octopus.

In all three cases, who should really be “responsible” for the release being created in Octopus? I would be keen to understand what you would like to see in Octopus for each scenario.

Hope that helps explain the situation!
Mike

oferba · 10 April 2019 07:24

Dear Michel

Thank you very much.

We think it’s a little problematic from the organization security aspect. As our security team would like to track each deployment without the need to access other systems. Is there any workaround ? I mean add a argument to octo.exe with the user who trigger the command.

As for your question:

Ofer commits code changes to source control, which triggers a build automatically, which results in a release being created in Octopus. In this case TFS will not say Ofer started the build, it was the change in source code which triggered the build.
I agree it’s not Ofer responsibility - But this is not our use case.
Mike manually starts a new build of his own code change in TFS, which results in a release being created in Octopus.
Mike responsibility and need to be Audit both TFS and Octopus - our use case
Mike manually starts a new build of Ofer’s code change in TFS, which results in a release being created in Octopus
Mike responsibility and need to be Audit both TFS and Octopus - our use case

Many Thanks
Ofer

system · 10 May 2019 07:24

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.