I am new to Pulumi. Is there any option to lock a particular stack in Pulumi to prevent accidental updates or deletion? I understand that RBAC is enforced to provide this functionality to only members with required permissions.However, I still want to prevent accidental changes to the stack even when the persons with all necessary permissions attempt to do it.
You're correct in that only members of teams with the correct permissions on stacks can update them or destroy them. There's no way to lock a stack.
What I would do is have a separate stack for your production deployment and then only give access to your CI/CD pipeline tool of choice so that no one else can do the update.
This is also why Pulumi has previews so that you can see what is being changed before you agree to the update.
Recently, Pulumi announced "Update Plans" (blog post announcing this: https://www.pulumi.com/blog/announcing-public-preview-update-plans/) that might help you out.
Related
Microsoft offers the Lifecycle Management service, which allows me to setup a rule for an action.
There, I can delete old blobs by setting up an expiration date. However, after deleting all the blobs the container remains there, forever empty.
Is there any configuration that also deletes de container whenever it is x days old and/or empty?
We don’t have container delete as part of life-cycle management now.We are in planning to add in the future.
You can share your feedback or suggestion here. All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.
We've had a DevOps member leave recently and have had complaints that all of the integrations (incoming webhooks) that they had set up have stopped working... (once the user was disabled).
One suggestion for dealing with this was to notify the affected channels when we deactivate the user, but I can't find in the API methods a way to look up which channels a user might have configured these webhooks for...
Anyone had to do something like this?
To get the apps and internal integrations that have been installed by a specific user use the API method called team.integrationLogs.
This method lists the integration activity logs for a team, including
when integrations are added, modified and removed. This method can
only be called by Admins.
For a programmatic solution you will need to go through all log entries for one user / app to find out its latest status.
However, it might still become difficult to reinstall all that apps / setup all that webhooks again properly after a DevOps member has left depending on how good your documentation is. We have therefore started using a generic admin user (e.g. "slackadmin") as main installer for all important apps / integrations for our workspace.
I recently came across a situation where two of our users were not able to see the added resources in resource plan. Moreover they can add new resources but cant save them. All they see is an alert saying 'Project is no longer checked out to you'.It happens only for specific projects.
As the alert says it was checked out to someone else, I tried to force checkin the project/resource plan but it doesn't appear in the 'Force Checkin Enterprise Objects' itself.
I thought whether those users doesn't have enough privilege to do the operation, but they are part of Project Managers/Portfolio Mangers where they have full access to do this task.
Can someone provide some insights on what caused this issue to the users.
I see that the Resource plan was corrupted, and thats why users were not able to add/save it. I created a utility using PSI which deletes the Resource Plan for those projects.
I validated Project Schedule,Resource Utilization, capacity and none of them lost their value after deleting the resource plan. So the utility resolved the issue.
I am posting answer for my own question as it helps for someone else..
I'll try to explain my goal as good as I can;
I want to trigger a script whenever there is a new computer added to a Organizational Unit.
To do this i need to activate the logging of this event under the local security policy/audit policy. I guess my question is, do I need to do this on all the domain controllers, or is it enough to do it one just one?
Also, is it possible to see the event from a member server with the Management Tools pack installed? As I don't want to put too much work on the Domain Controllers.
Here is the Microsoft article that gives 4 ways of tracking changes in Microsoft Active-Directory. You will find everything you need from configuring the eventlog to receiving notifications by way of different kind of polling.
I understand conceptually what I need to do, I'm primarily here to ask about what tools I need for the job.
I've set up and configured Robut for use with HipChat so my team can, nominally, entertain themselves and also be able to access the contact info of other members (the important part). Obviously I don't want the bot hosted locally every day, so I want to push it to a server; along the same vein, I also don't want to have to constantly update Robut's plugin for whois every time the team changes.
We have a Contact Information wiki set up on Github, so I'm wondering what ruby gems/etc. I might need in order to pull down the wiki page, at which point I will be able to parse it.
Thoughts?
Github's API doesn't have Wiki support. What you can do is contact support at Github and see what your options are.