Issues icon indicating copy to clipboard operation
Issues copied to clipboard

Published 20 hours ago verified publisher icon OctopusDeploy

Scoping certificate variables to targets causes a validation error for tenants not associated with those targets

Open ryanrousseau opened this issue 4 years ago • 4 comments

Prerequisites

  • [x] I have verified the problem exists in the latest version
  • [x] I have searched open and closed issues to make sure it isn't already reported
  • [x] I have written a descriptive issue title
  • [x] I have linked the original source of this report
  • [x] I have tagged the issue appropriately (area/*, kind/bug, tag/regression?)

The bug

If a certificate variable is scoped to targets, tenants will get validation errors for machines not included in their deployments.

What I expected to happen

There should be no error message for a certificate scoped to a target not included in the deployment.

Steps to reproduce

Reproduced at https://demo.octopus.app/app#/Spaces-3/projects/shared-project/deployments/releases/0.0.8/deployments/create/to/Environments-141

  1. Create two tenants.
  2. Create two targets in an environment, each assgined to different tenants.
  3. Create two certificates, each associated to different tenants.
  4. Create a project with a simple script step.
  5. Create a project variable for the certificate with each certificate scoped to the target matching their tenant.
  6. Create release and try to deploy to one of the tenants.
  7. See error.

Screen capture

image

Affected versions

Octopus Server: At least 2020.2 and later.

Workarounds

The only workaround is to associate all tenants to the targets in an environment which can lead to unintended or incorrect results.

Links

https://help.octopus.com/t/certificate-project-variable-access-denied-to-tenanted-deployment/25922

ryanrousseau avatar Nov 12 '20 20:11 ryanrousseau

Another Customer Report

Internal Slack Discussion

FinnianDempsey avatar Jan 05 '22 06:01 FinnianDempsey

Internal slack discussion - https://octopusdeploy.slack.com/archives/C01J6U3MHJ4/p1649805126533109 This issue could be solved by implementing a way to scope tenant variables. I'll keep this issue open for now.

ankithkonda avatar Apr 13 '22 03:04 ankithkonda

The investigation into this issue determined that this is the intended functionality and there is another method to use.

To have different certificate values scoped to each tenant, navigate to the Project and create a Project Variable Template for the certificate. Next, navigate to each Tenant linked with that project and specify the value to use on the Tenant variable page.The certificates should have their value provided by each tenant and is scoped to the tenant.

Unfortunately this doesn't allow for scoping variables to more than the environment (e.g. Tenant Tags) and a feature request has been made to get this added: https://github.com/OctopusDeploy/Issues/issues/7484

Screen Shot 2022-04-12 at 10 10 58 pm

Screen Shot 2022-04-12 at 10 08 02 pm

FinnianDempsey avatar Apr 13 '22 04:04 FinnianDempsey

I have a similar issue using "Run an azure script" using Azure account from a variable Even with scoping the variable to only the runbook , it failed the release creation because of some scoping

FelixBrunet avatar May 12 '22 10:05 FelixBrunet