zuul/releasenotes/notes/config-allowed-projects-e82586c215879f28.yaml
James E. Blair 9021fdf8bb Allow config projects to override allowed-projects
To handle the case where an untrusted project defines a job with
a secret which another project would like to run, allow a config
project to attach that job to a project-pipeline and have it run
regardless of the allowed-projects setting.

Normally, untrusted jobs with secrets have an implicit and
non-overridable allowed-projects setting of only that project, to
avoid a situation where another project with a trusted post-review
pipeline gains access to the secret by using a Depends-On to a
change which lifts the allowed-projects restriction.  This change
allows a config project to bypass this, in effect saying that the
projects involved trust each other sufficiently (or else, do not
have access to a post-review pipeline which could be used to
obtain secrets).

Change-Id: I52ab193d0e39a37de64c8b3cb6953538e4073b43
2019-06-24 09:32:25 -07:00

---
features:
  - |
    Config projects may now add any job to any project's pipelines,
    regardless of the setting of allowed-projects (including the implicit
    setting of allowed-projects on jobs with secrets in untrusted
    projects).
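
The behaviour described in the commit message and release note, laid out as configuration. This is an added example, not part of the commit or of Zuul's own documentation; the project names (`org/deployer`, `org/consumer`, `project-config`), file paths, job and secret names, and the `post` pipeline name are all hypothetical.

```yaml
# --- org/deployer/.zuul.yaml (untrusted project that owns the secret) ---
- secret:
    name: site-credentials
    data:
      # Placeholder only; a real value is ciphertext encrypted for this project.
      password: !encrypted/pkcs1-oaep
        - PLACEHOLDER_CIPHERTEXT

- job:
    name: publish-site
    run: playbooks/publish.yaml
    secrets:
      - site-credentials
    # Because this job uses a secret and lives in an untrusted project,
    # Zuul applies an implicit, non-overridable setting equivalent to:
    #   allowed-projects: [org/deployer]

# --- org/consumer/.zuul.yaml (a different untrusted project) ---
# Unchanged by this commit: org/consumer is outside the implicit
# allowed-projects list, so attaching the job from here does not let it run.
- project:
    post:
      jobs:
        - publish-site

# --- project-config/zuul.d/projects.yaml (config project) ---
# New with this commit: a config project may attach the same job to
# org/consumer's pipeline, and it runs regardless of allowed-projects.
# Review this stanza as a trust decision: it asserts that org/consumer
# and org/deployer trust each other sufficiently, or that org/consumer
# has no post-review pipeline that could be used to obtain the secret.
- project:
    name: org/consumer
    post:
      jobs:
        - publish-site
```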