Here's an easy one: I demoed Pulumi to my archite...
# general
Here's an easy one: I demoed Pulumi to my architecture guild. They loved it, but raised a few questions I couldn't answer. The biggest one was around user security of stacks. Let's say I have 4 stacks: 1. the personal dev stack of a devops who wants to test code on his/her own 2. the shared dev stack for a team, which gets updated once code goes to develop 3. the uat stack 4. the prod stack How can I protect stacks so that the dev can create / destroy 1, but our CICD pipeline manages the other 3? So the dev has rights to stack 1, but no rights to muss with stacks 2, 3, and 4?
The role-based access control features in the Pulumi Console were designed for this.
👍 1
Your dev would have
to 1 and
to 2, 3, and 4. Your CICD pipeline would have `WRITE to 2, 3, and 4.
Your dev could have
to 2, 3, and 4 if you wanted to allow it. That way they can see the changes that occur and even run previews against those stacks, but would not be allowed to make changes to them.
👍 1
Sick, that's exactly what I was after. Cheers.
👍 1