search

pulumi / pulumi-cloud-requests

Welcome to the public issue tracker for Pulumi Cloud (app.pulumi.com)! Feature requests and bug reports welcome!
10 stars 4 forks source link

Org Access Token with Admin rights not able to create a stack #287

Closed kerruba-milkman closed 1 year ago

kerruba-milkman commented 1 year ago

Expected behavior

An organization token with admin rights should allow users and/or applications (leveraging pulumi-automation) to create new stacks if not already available.

Current behavior

I've created an organization access token with admin flag and I'm using it to create a new stack within the context of an application that uses the pulumi-automation API. The application returns the following error:

error: could not create stack: [403] Only organization administrators can create stacks.

The same error occurs when calling directly the pulumi cli.

Steps to reproduce

  1. Generate a new organization access token with admin rights
  2. Use the generated access token in the environment variable PULUMI_ACCESS_TOKEN
  3. Create a new stack for an existing application using the access token. Choose any applicaton you want, stack must not exist on pulumi beforehand.

Context (Environment)

We need to automate the process of new customers onboarding. To do so, we developed multiple pulumi applications that will deploy different parts of our infrastructure. To coordinate the work between the different applications, we developed an REST API in nodejs that uses the pulumi automation API behind the scenes to deploy a new stack for all the applications involved.

Affected feature

kerruba-milkman commented 1 year ago

A Slack conversation has been started around this topic: https://pulumi-community.slack.com/archives/C019YSXN04B/p1691152855263549

kerruba-milkman commented 1 year ago

Apparently from talking with @jaxxstorm, this actually looks like a bug

djgrove commented 1 year ago

@kerruba-milkman I'm taking a look at this today, thank you for opening the issue