The Pulumi development team is expanding its Infrastructure-as-Code (IaC) platform with new features for automating security and access control around cloud resources. Among them are a system for role-based access control (RBAC), automatic rotation of credentials, and an integration of GitHub Actions for secrets management when working with CI/CD pipelines.
Automated Secret Rotation and Integrated GitHub Workflows
In Pulumi ESC (Environments, Secrets, and Configuration management), users can now automatically rotate secrets for static credentials. The aim is to increase security and to meet compliance requirements in environments that are not switching to dynamic credentials. The rotated secrets feature lets users trigger a rotation on demand or control it through a rotation schedule. It follows a two-secret strategy, so that both credentials are available during the transition phase. To make all changes traceable and auditable, the time of each change and who accessed the secret are recorded.
As an alternative to static secrets and credentials, the integration of GitHub Actions in Pulumi ESC enables development teams to insert this information dynamically into their workflows and rotate it as required. Any ESC command can also be run in GitHub Actions workflows, for example to perform create, update, or rotate operations as part of the CI/CD process. To do this, the GitHub Action can download the Pulumi ESC CLI and inject either all environment variables or only some of them from the ESC environment. The following listing shows an example of how a simple workflow can be built in GitHub, from logging in to Pulumi Cloud to injecting the environment:
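The two-secret strategy described above, sketched as an added example (not Pulumi's code and not part of the original article): a generic rotator that keeps the previous credential valid for a grace window and records time and actor for every rotation and access. The class, its method names, the one-hour grace window, and the sample values are assumptions for illustration.

```python
import hmac
import secrets
from datetime import datetime, timedelta, timezone


class TwoSecretRotator:
    """Generic model of two-secret rotation; all names here are hypothetical."""

    def __init__(self, initial, grace=timedelta(hours=1)):
        self.current = initial
        self.previous = None           # old secret, valid only during the grace window
        self.previous_expires = None
        self.grace = grace
        self.audit = []                # (timestamp, actor, event) tuples

    def rotate(self, actor, now=None):
        """Issue a new secret; the old one stays valid until the grace window ends."""
        now = now or datetime.now(timezone.utc)
        self.previous, self.previous_expires = self.current, now + self.grace
        self.current = secrets.token_urlsafe(32)
        self.audit.append((now, actor, "rotate"))
        return self.current

    def verify(self, presented, actor, now=None):
        """Accept the current secret, or the previous one while it has not expired."""
        now = now or datetime.now(timezone.utc)
        ok = hmac.compare_digest(presented.encode(), self.current.encode())
        if self.previous is not None and now < self.previous_expires:
            # Constant-time comparison against the second slot as well.
            ok |= hmac.compare_digest(presented.encode(), self.previous.encode())
        self.audit.append((now, actor, "access-ok" if ok else "access-denied"))
        return ok


if __name__ == "__main__":
    t0 = datetime(2025, 1, 1, tzinfo=timezone.utc)    # constructed timestamp
    rot = TwoSecretRotator("old-secret-constructed")  # constructed sample secret
    new = rot.rotate("scheduler", now=t0)
    # Consumer that has not picked up the new value yet, inside the window:
    print(rot.verify("old-secret-constructed", "legacy-app", now=t0 + timedelta(minutes=30)))
    # Same consumer after the window has closed:
    print(rot.verify("old-secret-constructed", "legacy-app", now=t0 + timedelta(hours=2)))
    print(rot.verify(new, "new-app", now=t0 + timedelta(hours=2)))
    for entry in rot.audit:
        print(entry)
```

The audit list is what makes a rotation reviewable afterwards: a consumer that still presents the old secret after the window closes appears as an "access-denied" entry with its actor and timestamp.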
on:
  - pull_request
# id-token: write lets the job request a GitHub OIDC token for the Pulumi Cloud login
permissions:
  id-token: write
  contents: read
jobs:
  test-env-injection:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
      # Log in to Pulumi Cloud and obtain an organization access token
      - name: Authenticate with Pulumi Cloud
        uses: pulumi/auth-actions@v1
        with:
          organization: pulumi
          requested-token-type: urn:pulumi:token-type:access_token:organization
      # Install the ESC CLI and inject the environment's variables into the job
      - name: Install and inject ESC environment variables
        uses: pulumi/esc-action@v1
        with:
          environment: 'tinyco/someProject/myEnv@stable'
      - name: Verify environment variables
        run: |
          echo "FOO=$FOO"
          echo "SOME_IMPORTANT_KEY=$SOME_IMPORTANT_KEY"
          echo "TEST_ENV=$TEST_ENV"
Role-based access control for the entire Pulumi Cloud
To give organizations better control over who can access and change resources, Pulumi is introducing a role-based access control (RBAC) system. The system is meant to work uniformly across all products in Pulumi Cloud and regulate access to resources such as IaC stacks, ESC environments, and Insights accounts. Users can thus configure specific permissions in detail at the user and team level. Role-based access tokens can also be used to ensure that automated processes have only the authority they need.
The new features, rotated secrets and the GitHub Actions integration, as well as expanded policy-as-code capabilities in Pulumi Insights, are already fully available to users. For the announced RBAC system, a specific start date is to follow soon.
(Map)