is there a reference anywhere to how the `pulumi` ...
# general
d
is there a reference anywhere to how the `pulumi` command itself reads its configuration (e.g., from `~/.pulumi/config.json`)? we'd like to set a default organization on a repo-wide basis, but trying to google basically any combination of "pulumi" and "config" comes up with stuff about pulumi project config handling.
l
Pulumi doesn't have a default organization, and Pulumi's internal configuration wouldn't set that. The organization is stack-level only. I don't think policy-as-code can check your stack backend and login details. You could require that all projects check and assert on the current stack string prefix? However, that would mean that your projects couldn't have local out-of-org stacks created by developers. Which mightn't be a problem, or it might be....
d
i mean, pulumi's internal configuration definitely has and sets a default organization:
```
% cat ~/.pulumi/config.json 
{
    "backends": {
        "https://api.pulumi.com": {
            "defaultOrg": "ohai"
        }
    }
}
```
the issue we're running into is that various automation APIs behave differently depending on whether or not you have a default org set
for instance, perplexingly, something like `stack_outputs()` requires you to include the org name in the stack name if you don't have an org set, even if you've already selected a project. a project belongs to exactly one org, so that shouldn't be necessary, but it is. if you have a default org set, then that's not needed, and things like `list_stacks()` don't include it, either
l
I have never seen that file. I don't have it in any of my development environments. How did it get created?
A project doesn't belong to an org. Org is stack level. There's nothing wrong with a project having stacks in 20 orgs.
d
l
I've never seen that. Seems like a bad idea. It means that two different people could create what they think is the same stack, but they'll end up in different organizations. Scary.
I'm a fan of explicit and guesswork-elimination 🙂
So back to your original question: setting a default org per repo is different to setting a default org per backend. There is no Pulumi-bound link between a repo and a backend. So you'd need to do this yourself, possibly in your Pulumi project, or possibly in your CI / dev env, via scripts and business processes.
d
i was just looking for a place to put the config file, tbh. there needs to be a backend in there, but we only use the one backend so it's not a long journey from supplying a common pulumi config to linking a repo to an org
l
Yep. Well it's a tough one, since the existing support puts the file outside the repo. You could write ~/.pulumi/config.json from a script that you ensure is run regularly or before each deployment.
d
the answer seems to be to set `PULUMI_CREDENTIALS_PATH`, although I'm not sure that helps us much. https://github.com/pulumi/pulumi/blob/3b4715ae1b825edf8283a94c4990faf679964521/sdk/go/common/workspace/creds.go#L269-L286
l
I tried to work back from there to see when that's being called, but it dead-ends at `GetBackendConfigDefaultOrg()`. And since that's just getting the default, and not checking that the actual set value matches the default, it's not likely to do everything you need. You may be in a roll-your-own situation.