I am trying to configure RBAC for application creation, as described in: https://www.spinnaker.io/community/releases/versions/1-17-0-changelog#restrict-application-creation-permissions
In the section above there is sample config yaml that allows only users from certain LDAP group to create applications with given name. I have tried following example, however the the restriction does not work. I am clear where I misconfigured.
My steps were:
- Add fiat.restrictApplicationCreation: true to profiles/fiat-local.yml
- Add modified (different domain for LDAP groups) auth.permissions.source.application.prefix snippet from https://www.spinnaker.io/community/releases/versions/1-17-1-changelog#more-flexible-authorization-model to profiles/fiat-local.yml
- Re-deploy Spinnaker
For version 1.17.1 after the re-deploy any user from any group could create application with any name