Super administrative stacks

Currently a stack can be administrative, which means that it can create resources for its space and child spaces. However, there’s no way to create resources for parent or sibling spaces.

Among other possibilities, this is useful to create contexts in other spaces (parents/siblings) in a programmatic way, while protecting some sensitive contexts from inheritance.

Use case:

‘root’ space has 2 children (‘users’ and ‘admins’). ‘root’ space contains shared resources for both of them (shared credentials, TF modules, admin stacks, etc.).

‘admin’ space contains a context with org-admin credentials, which can NOT be shared with ‘users’ space for security reasons. Since both children inherit from ‘root’, the org-admin credentials’ context can NOT be on ‘root’.

Then, a stack in ‘admin’ space (by using the org-admin credentials) creates projects with scoped credentials for each of them, and these new credentials are now safe to be shared with and used from ‘users’ space. To do so, after creating the new credentials, the stack with “super administrative” privileges creates different contexts in ‘users’ space for the stacks there to consume them. Alternatively, those different contexts could also be created in ‘root’ space so they would be shared with all.

Status

👀 In Review

Board

💡 Feature Requests

Tags

Stack Dependencies

Date

19 days ago
