This message was deleted.

sparse-intern-71089

02/27/2020, 10:37 PM

This message was deleted.

swift-painter-31084

02/27/2020, 10:49 PM

Per https://www.pulumi.com/docs/intro/console/collaboration/stack-permissions/

colossal-beach-47527

02/27/2020, 11:09 PM

Correct. If a user has

NONE

for their stack permission, then they will not be able to decrypt the secrets for that stack. (In fact, it shouldn’t show up in the organization’s stack list, or in

pulumi stack ls

, etc.) But to clarify, I don’t know what you mean by “has access to a project”. There isn’t any permissions at the “project” level (where project is just a namespace for stacks).

colossal-beach-47527

02/27/2020, 11:11 PM

If you are an administrator of your organization, you can double check the stacks a user has access to and how they got that access by clicking on the name of the person on the organization’s PEOPLE page. (This was a feature we added in the last week or two.)

swift-painter-31084

02/28/2020, 6:43 AM

Thanks for clarifying! I hadn't really delved into setting stack permissions in Pulumi but all of that makes sense. Is there some way to define Pulumi stack access in Pulumi code or scripts?

colossal-beach-47527

02/28/2020, 5:29 PM

No, there currently isn't any way to manage stack permissions using the CLI. We do have a REST API (which is what the Pulumi Console uses), but that isn't currently documented. But if you are enterprising and/or want to automate doing things in-bulk, I can point you towards the right

curl

commands for automating Pulumi Team CRUD.

Open in Slack

Previous Next

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.