diff options
author | James E. Blair <jim@acmegating.com> | 2022-09-22 14:14:57 -0700 |
---|---|---|
committer | James E. Blair <jim@acmegating.com> | 2022-10-06 15:38:24 -0700 |
commit | 3a0eaa1ffea1a32d4f11864485f2883194a99354 (patch) | |
tree | 0f5e9e0428e7e90cf9b16c87b868d0bb0906b36e /releasenotes/notes/authz-rule-55a6db54340f2e08.yaml | |
parent | 24d9076b765441a1813aa15af3ff7790fec2929d (diff) | |
download | zuul-3a0eaa1ffea1a32d4f11864485f2883194a99354.tar.gz |
Rename admin-rule to authorization-rule
This is a preparatory step to add access-control for read-level
access to the API and web UI. Because we will likely end up with
tenant config that looks like:
- tenant:
name: example
admin-rules: ['my-admin-rule']
access-rules: ['my-read-only-rule']
It does not make sense for 'my-read-only-rule' to be defined as:
- admin-rule:
name: read-only-rule
In other words, the current nomenclature conflates (new word:
nomenconflature) the idea of an abstract authorization rule and
what it authorizes. The new name makes it more clear than an
authorization-rule can be used to authorize more than just admin
access.
Change-Id: I44da8060a804bc789720bd207c34d802a52b6975
Diffstat (limited to 'releasenotes/notes/authz-rule-55a6db54340f2e08.yaml')
-rw-r--r-- | releasenotes/notes/authz-rule-55a6db54340f2e08.yaml | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/releasenotes/notes/authz-rule-55a6db54340f2e08.yaml b/releasenotes/notes/authz-rule-55a6db54340f2e08.yaml new file mode 100644 index 000000000..d3b3fa5f1 --- /dev/null +++ b/releasenotes/notes/authz-rule-55a6db54340f2e08.yaml @@ -0,0 +1,24 @@ +--- +upgrade: + - | + In preparation for expanded access control features in the web + interface, and REST API, the ``admin-rule`` tenant configuration + object has been renamed to ``authorization-rule``. When applied + to a tenant, the tenant attribute is still ``admin-rules`` since + it determines admin access to that tenant. This change will allow + similar rules to be applied to non-admin level access in the + future. + + Tenant configs should now follow this example: + + .. code-block:: yaml + + - authorization-rule: + name: example-rule + - tenant: + name: example-tenant + admin-rules: + - example-rule + + The old form is still permitted for backwards compatability, but + will be removed in a later version of Zuul. |