-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Be able to use multiple accounts simultanously. #6029
Comments
An implementation suggestion just off top of head to inspire :)
|
We added a Adding documentation for that in pulumi/docs#4874. That env var doesn't add any explicit profile management (which I think is ultimately just about assigning an alias "profile" name to the backend URL), but I'm inclined to think this isn't particularly high value in and of itself. The major improvement |
In my case the backend urls I'm using for multiple "profiles" are |
In that case you don't need to login/logout at all - you are using the same backend the whole time, just different credentials. If you just set |
Yes that's what I'll do. I however think it would be a quality of life improvement to support the idea as first class feature and thus support |
I blogged about my approach here https://dhickey.ie/2021/01/24/pulumi-multiple-accounts/ |
Dropped in a gist here for linux users: https://gist.github.com/codeweft/2dd50dac3ae0dc2f69ab6ac954d4eded |
Could Pulumi perhaps support a |
How does this work when I want to use |
Possibly need to clarify this comment. The scenario is that credentials for backend are different from credentials needed for |
Using version |
Nearly 3 years. Close if it's not going to happen? |
@damianh I think you should reopen this. Despite the length of time this has been open for, this still remains a useful feature to add. Also based on the conversation thus far in this issue, I think some clarity is needed on the ask here. Specifically, I believe the ask is for switching between Pulumi Cloud accounts that belong to the same cloud backend URL, for eg. If I have a user This is not a problem for self-managed backends since the backend URLs are different if you are using different buckets between your "accounts". |
Re-opened as requested (however it is getting really long in the tooth...)
Correct. Though I can't speak for enterprise self-hosted cloud - I've not used that. |
I don't agree with this. I like to have .env.local files in the root of my projects and load them automatically with direnv. The AWS cli picks its env vars from there automatically and I am confident that every AWS command I run in each project is done so against that project's account. This is what I would expect to happen with pulumi and its PULUMI_ACCESS_TOKEN. |
for reference, I used this script. I named pulumi and it's placed on PATH before the actual pulumi binary. It loads the env vars, optionally sources a a script with the profile name (useful to load other variables for example) and then calls pulumi it self
|
I am writing to highlight a significant challenge faced by DevOps engineers managing multiple projects (4 and more) or companies with separate accounts on https://app.pulumi.com. Currently, for each project, engineers must execute a series of steps to log in to the appropriate Pulumi account: > cd projectX > pulumi logout > pulumi login ...find and copy access token projectX > [insert access token projectX] This process is cumbersome and prone to human error. Forgetting to switch accounts could result in pushing state of one project into another state, leading to potential chaos and disruption of business-critical services 😱 it's surprising that there are currently no solutions offered to manage multiple Pulumi accounts more efficiently. SolutionThe simplest solution to this issue could be to add a backend:
credentials_path: ./secret/project-x-credentials.json This approach would provide a clear, project-specific reference to the appropriate credentials, streamlining the workflow for DevOps engineers managing multiple projects and reducing the likelihood of errors. |
Chipping in, you can just move the complete |
I kind of agree with what you are saying and it's quite possible that, if you have the same project/stack deployed in multiple accounts and made a code change meant for one account and were logged into another, then yeah you could accidentally apply the change to the project/stack in the wrong account. However, ideally, you have a separate repo for each account that you are deploying the project to, so you can make independent code changes. Note that I say "ideally" because there may be instances where you can't do that. Having said that, I think that the stack config file Lastly, I think it would be simple to have the CLI allow switching between service-backend accounts and cache them in the same file as it does today. Something like |
This is not bug report but a feature request.
I have multiple pulumi profiles under different email addresses and I keep forgetting which one I'm logged into which is causing some issues. Sometimes I need want to work on different accounts concurrently (in different terminal sessions of course).
pulumi login
is a machine wide state and having to login -> logout -> login -> logout is proving tiresome and error prone.As an example, AWS has the concept of profiles to address this issue. In my terminal I set an environment variable
AWS_PROFILE
and then all subsequent aws cli operations will use that. In a different terminal session I might use a differentAWS_PROFILE
. There is also the--profile
argument for cli operations. Perhaps Pulumi could do something similar?The text was updated successfully, but these errors were encountered: