Rename admin-rule to authorization-rule

This is a preparatory step to add access-control for read-level
access to the API and web UI.  Because we will likely end up with
tenant config that looks like:

- tenant:
    name: example
    admin-rules: ['my-admin-rule']
    access-rules: ['my-read-only-rule']

It does not make sense for 'my-read-only-rule' to be defined as:

- admin-rule:
    name: read-only-rule

In other words, the current nomenclature conflates (new word:
nomenconflature) the idea of an abstract authorization rule and
what it authorizes.  The new name makes it more clear than an
authorization-rule can be used to authorize more than just admin
access.

Change-Id: I44da8060a804bc789720bd207c34d802a52b6975

1 files changed, 24 insertions, 0 deletions

diff --git a/releasenotes/notes/authz-rule-55a6db54340f2e08.yaml b/releasenotes/notes/authz-rule-55a6db54340f2e08.yaml
new file mode 100644
index 000000000..d3b3fa5f1
--- /dev/null
+++ b/releasenotes/notes/authz-rule-55a6db54340f2e08.yaml
@@ -0,0 +1,24 @@
+---
+upgrade:
+  - |
+    In preparation for expanded access control features in the web
+    interface, and REST API, the ``admin-rule`` tenant configuration
+    object has been renamed to ``authorization-rule``.  When applied
+    to a tenant, the tenant attribute is still ``admin-rules`` since
+    it determines admin access to that tenant.  This change will allow
+    similar rules to be applied to non-admin level access in the
+    future.
+
+    Tenant configs should now follow this example:
+
+    .. code-block:: yaml
+
+       - authorization-rule:
+           name: example-rule
+       - tenant:
+           name: example-tenant
+           admin-rules:
+             - example-rule
+
+    The old form is still permitted for backwards compatability, but
+    will be removed in a later version of Zuul.