Assign agents based on Role
23 views
Skip to first unread message
Prabhakar
Feb 10, 2020, 8:39:03 AM2/10/20
to go-cd
Hi All,
Is there a way in Gocd to assign agents based on the role. This i required to avoid sharing agents between two environments, like for eg. Prod & Preprod should not be sharing same agents.
I can understand we can map agents to environments based on our requirements but when you write pipeline as a code nothing is stopping you to map any agents with any environment and this may lead you to deploy Preprod code base into Prod.
There is no guard wheel available to protect the wrong deployments and assigning wrong agents.
If we have roles that are mapped to certain agents and again that agents can be restricted in network level between environments. Is this something that can be achieved in gocd?
thanks in advance!!!
Cheers!
Prabha.
Ashwanth Kumar
Feb 10, 2020, 2:13:19 PM2/10/20
to go...@googlegroups.com
While I don't know if GoCD natively has the feature you're looking for, I would like to offer you a different solution to the problem.
Solution: Move all the pipeline as a code YAML / JSON files to a separate repository that everybody in the team has Read-Only access while any changes to the repo is managed by the same folks managing access to Prod. In our organization some teams use JIRA to raise a change request, while others send in a Merge Request (or Pull Request) with the changes they want.
--
You received this message because you are subscribed to the Google Groups "go-cd" group.
To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/aa62881b-b01d-4a8a-8e1b-6ade0b05ed81%40googlegroups.com.
Aravind SV
Feb 11, 2020, 2:42:58 AM2/11/20
to go...@googlegroups.com
Hello Prabhakar,
On Mon, Feb 10, 2020 at 05:39:03 -0800, Prabhakar wrote:
> I can understand we can map agents to environments based on our
> requirements but when you write pipeline as a code nothing is stopping you
> to map any agents with any environment and this may lead you to deploy
> Preprod code base into Prod.
Incidentally, there is work in progress to allow config repositories to be restricted. You should be able to do what you need with it. It looks like it will come out in GoCD 20.2.0 (next release). It has just been merged, a couple of hours ago: https://github.com/gocd/gocd/pull/7689
It should show up in the "Experimental" installers on https://www.gocd.org/download/ later today, in case you want to try it out and give feedback. Anything newer than 20.2.0-11192 should have the change.
You can see documentation for it being updated in this PR: https://github.com/gocd/docs.go.cd/pull/418/files#diff-5b9dae2af29df9147671d43e468f0172
Cheers,
Aravind
On Mon, Feb 10, 2020 at 05:39:03 -0800, Prabhakar wrote:
> I can understand we can map agents to environments based on our
> requirements but when you write pipeline as a code nothing is stopping you
> to map any agents with any environment and this may lead you to deploy
> Preprod code base into Prod.
It should show up in the "Experimental" installers on https://www.gocd.org/download/ later today, in case you want to try it out and give feedback. Anything newer than 20.2.0-11192 should have the change.
You can see documentation for it being updated in this PR: https://github.com/gocd/docs.go.cd/pull/418/files#diff-5b9dae2af29df9147671d43e468f0172
Cheers,
Aravind
Prabhakar
Feb 11, 2020, 6:13:08 AM2/11/20
to go-cd
Hi Ashwanth & Aravind,
Thanks for your response.
@Aravind i am glad to have this feature.
But still if an agent can be mapped to role that will give more control. Preprod operator(under Pre-prod role) can't communicate with Prod agents or deploy.
i know this is not something normal but trying hard to satisfy to some serious of security questions.
thanks!
Prabha.
Reply all
Reply to author
Forward
0 new messages