bf57d76ec7
The original design for workload identities and ACLs allows for operators to extend the automatic capabilities of a workload by using a specially-named policy. This has shown to be potentially unsafe because of naming collisions, so instead we'll allow operators to explicitly attach a policy to a workload identity. This changeset adds workload identity fields to ACL policy objects and threads that all the way down to the command line. It also a new secondary index to the ACL policy table on namespace and job so that claim resolution can efficiently query for related policies.
4 lines
132 B
Plaintext
4 lines
132 B
Plaintext
```release-note:improvement
|
|
cli: `acl policy info` output format has changed to improve readability with large policy documents
|
|
```
|