Has anybody come up with any automated solution for disabling remote site settings after a sandbox is created or refreshed?
I'm trying to prevent situations where someone creates a developer sandbox from production and there's still apex code/scheduled jobs in that sandbox that may now try to connect to production services/integration endpoints.
It would be nice if all remote site settings were disabled by default after a sandbox was created/refreshed forcing the user to enable the ones (or creating new ones for test endpoints) that are needed in the sandbox.
I suppose it may be possible using the SandboxPostCopy interface and a custom apex class that uses the Metadata API wrapper https://github.com/financialforcedev/apex-mdapi but I'd like to avoid the going to those lengths if possible.
Best Answer
Realistically, no, you can't. SandboxPostCopy doesn't even get a legitimate session Id, so the apex-mdapi wrapper is out, along with pretty much any other technique you might dream up.
The solution, of course, is simple. Use a Custom Setting that enables integrations, and then have your SandboxPostCopy delete the Custom Setting value when it runs.
Of course, you need to remember to use it consistently, and of course, you need to remember to run your SandboxPostCopy script, but this is pretty much a matter of discipline.s If you're in a habit of using SandboxPostCopy anyways, this won't be a big deal.
For example, our script deactivates all non-admins, configures some custom settings, cleans up scheduled jobs, and populates a handful of standard data that we need if it's not already present (for full-copy sandboxes). It takes care of a whole bunch of bothersome settings all at once.