https://pulumi.com logo
#general
Title
# general
d

damp-magazine-59707

02/29/2024, 10:18 PM
is there a reference anywhere to how the
pulumi
command itself reads its configuration (e.g., from
~/.pulumi/config.json
)? we'd like to set a default organization on a repo-wide basis, but trying to google basically any combination of "pulumi" and "config" comes up with stuff about pulumi project config handling.
l

little-cartoon-10569

02/29/2024, 10:23 PM
Pulumi doesn't have a default organization, and Pulumi's internal configuration wouldn't set that. The organization is stack-level only. I don't think policy-as-code can check your stack backend and login details. You could require that all projects check and assert on the current stack string prefix? However, that would mean that your projects couldn't have local out-of-org stacks created by developers. Which mightn't be a problem, or it might be....
d

damp-magazine-59707

02/29/2024, 10:25 PM
i mean, pulumi's internal configuration definitely has and sets a default organization:
Copy code
% cat ~/.pulumi/config.json 
{
    "backends": {
        "<https://api.pulumi.com>": {
            "defaultOrg": "ohai"
        }
    }
}
the issue we're running into is that various automation APIs behave differently depending on whether or not you have a default org set
for instance, perplexingly, something like
stack_outputs()
requires you to include the org name in the stack name if you don't have an org set, even if you've already selected a project. a project belongs to exactly one org, so that shouldn't be necessary, but it is. if you have a default org set, then that's not needed, and things like
list_stacks()
don't include it, either
l

little-cartoon-10569

02/29/2024, 10:26 PM
I have never seen that file. I don't have it in any of my development environments. How did it get created?
A project doesn't belong to an org. Org is stack level. There's nothing wrong with a project having stacks in 20 orgs.
d

damp-magazine-59707

02/29/2024, 10:26 PM
l

little-cartoon-10569

02/29/2024, 10:28 PM
I've never seen that. Seems like a bad idea. It means that two different people could create what they think is the same stack, but they'll end up in different organizations. Scary.
I'm a fan of explicit and guesswork-elimination 🙂
So back to your original question: setting a default org per repo is different to setting a default org per backend. There is no Pulumi-bound link between a repo and a backend. So you'd need to do this yourself, possibly in your Pulumi project, or possibly in you CI / dev env, via scripts and business processes.
d

damp-magazine-59707

02/29/2024, 10:31 PM
i was just looking for a place to put the config file, tbh. there needs to be a backend in there, but we only use the one backend so it's not a long journey from supplying a common pulumi config to linking a repo to an org
l

little-cartoon-10569

02/29/2024, 10:32 PM
Yep. Well it's a tough one, since the existing support puts the file outside the repo. You could write ~/.pulumi/config.json from a script that you ensure is run regularly or before each deployment.
d

damp-magazine-59707

02/29/2024, 10:32 PM
the answer seems to be to set
PULUMI_CREDENTIALS_PATH
, although I'm not sure that helps us much. https://github.com/pulumi/pulumi/blob/3b4715ae1b825edf8283a94c4990faf679964521/sdk/go/common/workspace/creds.go#L269-L286
l

little-cartoon-10569

02/29/2024, 10:35 PM
I tried to work back from there to see when that's being called, but it dead-ends at
GetBackendConfigDefaultOrg()
. And since that's just getting the default, and not checking that the actual set value matches the default, it's not likely to do everything you need. You may be in a roll-your-own situation.