Manage contexts

[abennett]

I'm interested in adding a new set of subcommands like:

• context create
• context update
• context delete
• context list

But I would like to solicit input of how the inputs should be supplied, with special consideration for sensitive writeOnly values.

[marcinwyszynski]

We're trying to keep a clear boundary between the scope of our Terraform provider, and spacectl. The latter is supposed to do things that are not a great fit for the former. Since managing the lifecycle of resources like contexts is generally handled by IaC, I'd be curious to learn what your use case is @abennett? Why would you need to create contexts from the CLI as opposed to writing a bit of Terraform?

[abennett]

Hey, @marcinwyszynski!

Our AWS roles that Spacelift uses are configured without the ability to mutate IAM as an additional risk mitigation. To compensate for this, I have written an accompanying CLI that goes through the following steps:

• Create AWS session credentials with greater privileges
• Detach the cloud integrations
• Create a new context with the session creds
• Attach them to the stack
• Wait for a SIGINT whilst I apply
• Detach context
• Delete context
• Reattach cloud integrations

I suppose it is a bit niche, and I am pretty satisfied with my custom solution if we wanted to avoid exposing contexts in spacectl.