Due to SOX Auditing, we have a bi-yearly user access review of everyone who has deployment permissions. We have automated this with Powershell and the Octopus API so that we can generate an excel spreadsheet to upload to Sharepoint for Managers to approve individual user access.

However, this has created a problem, there is no easy way to mark Team Ownership or a Team Manager as a simple user data field in the Teams' settings so that we could populate Sharepoint with the name of the person responsible for approving each users access.

Having a Team Owner or Team Manager field serves this purpose, but also would serve the dual purpose of having a user who could administer membership to just that team, removing a lot of administrative and approval overhead.

Currently it it not possible to script additional actions when planning to apply or applying a Terraform template. This means that additional steps are required to carry out simple takes like importing an exiting resource before planning, or uploading a saved plan to S3 so that it can be pulled and applied.

Many other steps have this configurable feature, and I believe it would be highly effective here.

Suggestion -
- Pre-deployment script runs before 'terraform init' (allowing download of plan from S3, for example).
- Deployment script runs after 'terraform init' (allowing 'terraform import' after the template has been initialised, for example).
- Post-deployment script runs after 'terraform plan|apply' (allowing upload of plan to S3, for example).

Octopus Deploy penalises you for using PaaS resources over IaaS.

We currently use VMs which are capable of hosting many web services and only consume 1 deployment target on our licence. If you were to convert that same VM to an Azure App Service, you would consume far more licences for the same server power, which sucks.

e.g.

A single Virtual Machine hosting 15 web apps in IIS costs only 1 deployment target

A single App Service Plan hosting 15 web services costs 15 deployment targets

TL;DR; Azure App Service Plan should consume 1 deployment target regardless of how many app services are contained within it.

Octopus Server already has a lot of oAuth/OpenID integrations built in (AzureAD, Okta, Google Apps etc) but all of them are provider-specific. It would be great to have a generic authentication provider for third-party identity servers (such as Keycloak) to expand on this even further. Considering all of the current implementations are already based on a common class (https://github.com/OctopusDeploy/OpenIDConnectAuthenticationProviders) I imagine this shouldn't require much work. Although generic provider could expose more customization on how to extract user information from ID token, for example. We are using AzureAD integration to cover this for now (Keycloak integration) and it works, but this looks more like a hacky workaround then a proper solution.

https://help.octopus.com/t/feature-request-variable-sets-spanning-spaces/26948/4

We have multiple teams and have so far been avoiding spaces because we have no way that we know of to share variables and scripts between teams in different spaces.

We have a lot of shared configuration that we wants accessible by all and with only one source of truth. For example, we have many apps that need to add whitelisting for our build/deploy servers. We store that ip whitelist in an octo variable set so all project can access it. If I need to alter that whitelist I can be confident that if I change the values in the variable set then the apps have the updated whitelist on the next deploy.

This doesn’t work if teams are in different spaces. I would effectively have to manage several whitelist variable sets across every space which kind of defeats the point. The reason for needing to move to different spaces for each team is that accounts (e.g. Azure Service Principles) cannot be restricted except across spaces and we want to de risk the possibility of one team using another teams account

I manage a multi tenant system and the dashboard is always a pain to use.

First the icon cant be trusted as it dose not accurately show things like a single tenant deploying (The animated icon).

But the real pain is that if I click that icon it takes me to the deployment page of one of the tenants. What I want it to do is take me to a screen for all of the tenants. Something like the tasks screen filtered by environment would be very nice.

Then I would be able to see the true state of all the tenants in this deployment and not just a random one.

And then i can click the necessary icon from that screen to get to the individual deployment details.

It would be nice to add some screen shots but it looks like there is no easy way to do that here any more. ):