-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CI User wasn't picked up when deploy update set #5
Comments
Fix in release >= 3.2.2 |
Unfortunately its not as simple as that. The source user must have admin or teamdev_user role to allow the target to pull the update-set. This is why initially the request was made with the CD user. @gitlabbin I see you point where it's confusing when 'talking' to the source with the deployment user. The deployment process registers an 'update set source' on the target environment pointing to the source. The credentials for this are: Options for this: I think this change should be reverted and CD user used for this process. Proposals please |
Hi Boris, Correct me if I am wrong:
No impact to the deployment inside of servicenow, that is implemented in I did test on my side, everything working fine. |
The deployment is a series of calls. First one points to source which then (service now internally) connects to target to register a new update set source. Can you pls check on your target env what credentials are set here? Cheers |
The idea was to have as less admin grants as possible. For CI that’s no issue, but for CD it needs this privileges. I’m thinking of changing this API a bit to have all options..... |
You are right, I am using admin role for both, the rest api will update the source update set status to 'committed' too, so it will need privilege as well
Target Instance user:
also having multiple source instances and multiple target instances.
|
a new feature may need to encrypt the password in side .env config, for some security policy reasons config file can't keep clear password. |
If you don't want to have passwords in the .env file, you can set the env vars before startup of the service. |
As it needs a user which has admin or teamdev_user role I'm going to change the deployment API to look like this:
'sourceEnvironment' will be used to create the 'update set source', the request to that API will be done with the CI user. I'll keep the 'CICD_DEPLOYMENT' creation part but will add a system property to toggle the creation of that user with 'teamdev_user' privileges. In that case there will be no need to have a CD user with admin role at all on the source environment. |
@gitlabbin I'm also going to present this tool on K19 Tuesday ~10:30 - in case you have plans to join the Knowledge. Cheers |
Great job, I will find some time to try this new feature out. |
Issue:
config snippet from .env file :
while running deployment jobs, it always using 'admin' to connect to the source instance, it will cause authentication failure
The text was updated successfully, but these errors were encountered: