Summary
- Added
setFieldstoEnvironmentObjectandEnvironmentObjectLinkresponses, andunsetFieldsto environment object link update overrides. Together they let clients distinguish a set-but-masked secret from an unset field, and clear a link override so it falls back to its parent value. - Changed the permission required to update Team roles from the org-wide
organization.teams.updatetoorganization.teamRoles.access. This fixes a regression where callers with only deployment-scoped team permissions received403errors when assigning a Team to a Deployment.
Added
- Properties
setFields(array of strings, required): added toEnvironmentObjectandEnvironmentObjectLink. Names the value and override fields that currently hold a value, including masked secrets. Map members are reported as dotted paths (for exampleextra.aws_secret).unsetFields(array of strings, maximum 100 items): added toUpdateEnvironmentObjectOverridesRequest. Names override fields to unset on a link so it inherits the parent value. A field can’t be both set and listed inunsetFieldsin the same request.
Changed
POST /organizations/{organizationId}/teams/{teamId}/roles(UpdateTeamRoles) now requires theorganization.teamRoles.accesspermission instead oforganization.teams.update. Individual role changes in the request are still authorized against their own scope (organization, workspace, or deployment).