265908ec5f
Add new project scope specific RBAC rules for the orders API. The old rules still apply, but eventually will be deprecated. The new rules do include some changes to default policy, which are documented in the release note. Change-Id: I8e6963d7ab788038102c7f4570b3f2c9a342eabf
16 lines
611 B
YAML
16 lines
611 B
YAML
---
|
|
features:
|
|
- |
|
|
Implement secure-rbac for orders resource.
|
|
security:
|
|
- |
|
|
The current policy allows all users except those with the audit role to
|
|
list orders or retrieve an orders metadata. The new desired policy will
|
|
restrict this to members. For backwards compatibility, the old policies
|
|
remain in effect, but they are deprecated and will be removed in future,
|
|
leaving the more restrictive new policy.
|
|
- |
|
|
The new secure-rbac policy allows for secret deletion by members. This is
|
|
a change from the previous policy that only allowed deletion by the
|
|
project admin.
|