Today we’re releasing the next iteration of Pulumi...
# announcements
l
Today we’re releasing the next iteration of Pulumi Deployments, an API-first platform for shipping infrastructure. https://www.pulumi.com/blog/pulumi-deployments-platform-automation/ Are you a platform engineer struggling to build self-service cloud platforms? Deploying CI/CD at scale across an enterprise? Traditional CI/CD systems are designed entirely around source. Config is read from the branch and commits trigger builds. With #pulumi-deployments you can do all of this with REST APIs. Far easier to build platforms on APIs than templated YAML. Learn more and get started today:
• Deployments Documentation
• Platform Automation Examples
• Join the #pulumi-deployments channel
g
I just read this, and this looks amazing. A) Since I am not an org admin, does that mean I can only use REST API? I'm reading this page https://www.pulumi.com/blog/oidc-blog/#enabling-oidc-for-your-stack-for-git-push-to-deploy We have multiple accounts and clouds, for example with AWS our structure of accounts is
org_root
   - dev
   - prod
At the moment we use github actions with a "jump" role ->
1) GH Action OIDC -> org_root
2) assume role with credentials from org_root -> dev
The reason is that we do not need to maintain multiple OIDC connections for each account. B) Can I use Pulumi Deployments with this setup?
l
Since I am not an org admin, does that mean I can only use REST API?
Only org admins can configure stack settings, but anyone with stack write permissions can trigger a deployment.
Can I use Pulumi Deployments with this setup?
I believe it should be possible. If you have trouble please reach out as this is definitely something we'd like to support.
g
Thanks, I'll take a look. However, I find this "Only org admins can configure stack settings" an extremely limiting feature because Team subscription only allows 1 admin
l
I agree with you. We plan on removing that limitation eventually. It is a result of the fact that deployments relies on an organization level token. In the short term, we expect that we'll release support for defining deployment settings in code this week: https://github.com/pulumi/pulumi-pulumiservice/pull/122 This would allow you to define a stack that configures deployment settings across your entire organization. Once your admin has created and configured deployment settings for that stack, then it can be updated whenever a PR is approved and merged automatically.
g
Yeah, I've been longing for better IAM capabilities in Pulumi and this sounds like a good workaround