eade0cfc71
Add new project scope specific RBAC rules for the secrets API. The old rules still apply, but eventually will be deprecated. The new rules do include some changes to default policy, which are documented in the release note. Change-Id: Ibe9aac10edbf43c106eaa1769af5ee777a4be5aa
14 lines
478 B
YAML
14 lines
478 B
YAML
---
|
|
features:
|
|
- |
|
|
Implement secure-rbac for secrets resource.
|
|
security:
|
|
- |
|
|
The new secure-rbac policy allows for two-step secret creation to be done
|
|
by any member. This is a change from the previous policy that only allowed
|
|
step two to be performed by the creator.
|
|
- |
|
|
The new secure-rbac policy allows for secret deletion by members. This is
|
|
a change from the previous policy that only allowed deletion by the
|
|
creator or the project admin.
|