Question about 'More flexible authorization model' in 1.17.1

Hi,

I am trying to configure RBAC for application creation, as described in: https://www.spinnaker.io/community/releases/versions/1-17-0-changelog#restrict-application-creation-permissions

In the section above there is a sample config YAML that allows only users from a certain LDAP group to create applications with a given name. I have tried following the example; however, the restriction does not work. I am clear where I misconfigured.

My steps were:

  1. Add fiat.restrictApplicationCreation: true to profiles/fiat-local.yml
  2. Add modified (different domain for LDAP groups) auth.permissions.source.application.prefix snippet from https://www.spinnaker.io/community/releases/versions/1-17-1-changelog#more-flexible-authorization-model to profiles/fiat-local.yml
  3. Re-deploy Spinnaker

For version 1.17.1, after the re-deploy any user from any group could create an application with any name.

Thank you.