Specify pulumi access token per command run (#263)

* Specify pulumi access token per command run * changelog * feedback
pulumi · Mar 14, 2024 · 3484c0a · 3484c0a
1 parent 71261ad
commit 3484c0a
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 12 deletions.
diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md
@@ -4,3 +4,6 @@
   [#264](https://github.com/pulumi/esc/pull/264)
 
 ### Bug Fixes
+
+- Specify pulumi access token per command run.
+  [#263](https://github.com/pulumi/esc/pull/263)
diff --git a/cmd/esc/cli/login.go b/cmd/esc/cli/login.go
@@ -67,11 +67,8 @@ func newLoginCmd(esc *escCommand) *cobra.Command {
 				if err != nil {
 					return fmt.Errorf("could not determine current cloud: %w", err)
 				}
-				if account == nil {
-					backendURL = "https://api.pulumi.com"
-				} else {
-					backendURL = account.BackendURL
-				}
+
+				backendURL = esc.workspace.GetCurrentCloudURL(account)
 				shared = isShared
 			}
 
@@ -157,7 +154,33 @@ func (esc *escCommand) getCachedClient(ctx context.Context) error {
 		return fmt.Errorf("could not determine current cloud: %w", err)
 	}
 	if account == nil {
-		return fmt.Errorf("no credentials. Please run `%v login` to log in.", esc.command)
+		backendURL := esc.workspace.GetCurrentCloudURL(nil)
+
+		nAccount, err := esc.login.Login(
+			ctx,
+			backendURL,
+			false,
+			"esc",
+			"Pulumi ESC environments",
+			nil,
+			false,
+			display.Options{Color: esc.colors},
+		)
+
+		if err != nil {
+			return fmt.Errorf("could not determine current cloud: %w", err)
+		}
+
+		defaultOrg, err := esc.workspace.GetBackendConfigDefaultOrg(backendURL, nAccount.Username)
+		if err != nil {
+			return fmt.Errorf("could not determine default org: %w", err)
+		}
+
+		account = &workspace.Account{
+			Account:    *nAccount,
+			BackendURL: backendURL,
+			DefaultOrg: defaultOrg,
+		}
 	}
 
 	if err := esc.checkBackendURL(account.BackendURL); err != nil {

diff --git a/cmd/esc/cli/login_test.go b/cmd/esc/cli/login_test.go
@@ -7,19 +7,19 @@ import (
 	"testing"
 
 	"github.com/pulumi/esc/cmd/esc/cli/workspace"
+	"github.com/pulumi/pulumi/pkg/v3/backend/httpstate"
 	pulumi_workspace "github.com/pulumi/pulumi/sdk/v3/go/common/workspace"
 	"github.com/stretchr/testify/assert"
 )
 
 func TestNoCreds(t *testing.T) {
 	fs := testFS{}
-	esc := &escCommand{workspace: workspace.New(fs, &testPulumiWorkspace{})}
+	esc := &escCommand{
+		workspace: workspace.New(fs, &testPulumiWorkspace{}),
+		login:     httpstate.NewLoginManager(),
+	}
 	err := esc.getCachedClient(context.Background())
-	assert.ErrorContains(t, err, "no credentials")
-
-	esc.command = "pulumi"
-	err = esc.getCachedClient(context.Background())
-	assert.ErrorContains(t, err, "pulumi login")
+	assert.ErrorContains(t, err, "could not determine current cloud")
 }
 
 func TestInvalidSelfHostedBackend(t *testing.T) {

diff --git a/cmd/esc/cli/workspace/credentials.go b/cmd/esc/cli/workspace/credentials.go
@@ -20,11 +20,16 @@ import (
 	"errors"
 	"fmt"
 	"io/fs"
+	"os"
 	"path"
 
 	"github.com/pulumi/pulumi/sdk/v3/go/common/workspace"
 )
 
+// PulumiBackendURLEnvVar is an environment variable which can be used to set the backend that will be
+// used instead of the currently logged in backend or the current projects backend.
+const PulumiBackendURLEnvVar = "PULUMI_BACKEND_URL"
+
 // Account holds details about a Pulumi account.
 type Account struct {
 	workspace.Account
@@ -62,6 +67,18 @@ func (w *Workspace) GetAccount(backendURL string) (*Account, error) {
 	}, nil
 }
 
+func (w *Workspace) GetCurrentCloudURL(account *Account) string {
+	if account != nil {
+		return account.BackendURL
+	}
+
+	if backend := os.Getenv(PulumiBackendURLEnvVar); backend != "" {
+		return backend
+	}
+
+	return "https://api.pulumi.com"
+}
+
 // GetCurrentAccount returns information about the currently logged-in account.
 func (w *Workspace) GetCurrentAccount(shared bool) (*Account, bool, error) {
 	// Read esc account.