Merge "Update Barbican Orders policy for secure-rbac"

environments/enable-secure-rbac.yaml

@@ -3040,6 +3040,9 @@ parameter_defaults:
     barbican-container_project_member:
       key: "container_project_member"
       value: "rule:member and project_id:%(target.container.project_id)s"
+    barbican-order_project_member:
+      key: "order_project_member"
+      value: "rule:member and project_id:%(target.order.project_id)s"
     barbican-secret_acls_get:
       key: "secret_acls:get"
       value: "rule:secret_project_member and (rule:secret_owner or rule:secret_is_not_private_read) or rule:secret_project_admin"
@@ -3099,10 +3102,10 @@ parameter_defaults:
       value: "rule:member"
     barbican-order_get:
       key: "order:get"
-      value: "rule:member"
+      value: "rule:order_project_member"
     barbican-order_delete:
       key: "order:delete"
-      value: "rule:member"
+      value: "rule:order_project_member"
     barbican-quotas_get:
       key: "quotas:get"
       value: "rule:reader"