mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-11-26 23:05:11 +00:00
* http://localhost:4200/ui/vault/secrets/kubernetes/kubernetes/roles/test/details readOnly JsonEditor to Hds::CodeBlock
* http://localhost:4200/ui/vault/policies/acl/create readonly JsonEditor to Hds::CodeBlock
* http://localhost:4200/ui/vault/policy/acl/default readonly JsonEditor to Hds::CodeBlock
* http://localhost:4200/ui/vault/access/oidc/scopes/test/details readonly JsonEditor to Hds::CodeBlock
* http://localhost:4200/ui/vault/access/oidc/scopes/create readonly JsonEditor to Hds::CodeBlock
* fix (some) tests
* fix remaining tests
* add changelog
71 lines
2.9 KiB
Handlebars
{{!
  Copyright (c) HashiCorp, Inc.
  SPDX-License-Identifier: BUSL-1.1
~}}

<div class="has-bottom-margin-s">
  {{#if (eq @policyType "acl")}}
    <p data-test-example-modal-text="acl">
      <Hds::Link::Inline @isHrefExternal={{true}} @href={{doc-link "/vault/tutorials/get-started/introduction-policies"}}>ACL
        Policies</Hds::Link::Inline>
      are written in Hashicorp Configuration Language (
      <Hds::Link::Inline @isHrefExternal={{true}} @href="https://github.com/hashicorp/hcl">HCL</Hds::Link::Inline>
      ) or JSON and describe which paths in Vault a user or machine is allowed to access. Here is an example policy:
    </p>
  {{else if (eq @policyType "rgp")}}
    <p class="has-bottom-margin-s" data-test-example-modal-text="rgp">
      Role Governing Policies (RGPs) are tied to client tokens or identities which is similar to
      <Hds::Link::Inline @isHrefExternal={{true}} @href={{doc-link "/vault/tutorials/policies/policies"}}>ACL policies</Hds::Link::Inline>.
      They use
      <Hds::Link::Inline
        @isHrefExternal={{true}}
        @href={{doc-link "/vault/docs/enterprise/sentinel"}}
      >Sentinel</Hds::Link::Inline>
      as a language framework to enable fine-grained policy decisions.
    </p>
    <p>
      Here is an example policy that uses RGP to restrict access to the
      <Hds::Text::Code class="code-in-text">admin</Hds::Text::Code>
      policy such that a user named "James Thomas" or has the
      <Hds::Text::Code class="code-in-text">Team Lead</Hds::Text::Code>
      role can manage the
      <Hds::Text::Code class="code-in-text">admin</Hds::Text::Code>
      policy:
    </p>
  {{else}}
    <p class="has-bottom-margin-s" data-test-example-modal-text="egp">
      Endpoint Governing Policies (EGPs) are tied to particular paths (e.g.
      <Hds::Text::Code class="code-in-text">aws/creds/</Hds::Text::Code>
      ) instead of tokens. They use
      <Hds::Link::Inline
        @isHrefExternal={{true}}
        @href="https://docs.hashicorp.com/sentinel/language"
      >Sentinel</Hds::Link::Inline>
      as a language to access
      <Hds::Link::Inline
        @isHrefExternal={{true}}
        @href={{doc-link "/vault/docs/enterprise/sentinel/properties"}}
      >properties</Hds::Link::Inline>
      of the incoming requests.
    </p>
    <p>
      Here is an example policy that fulfills the requirement of an incoming request to be performed during the business
      hours 7:00am to 6:00pm on work days:
    </p>
  {{/if}}
</div>
<Hds::CodeBlock @value={{get this.policyTemplates @policyType}} @language="ruby" @hasCopyButton={{true}} />
<div class="has-bottom-margin-m has-top-padding-s">
  <p>
    More information about
    {{uppercase @policyType}}
    policies can be found
    <Hds::Link::Inline
      @isHrefExternal={{true}}
      @href={{doc-link (get this.moreInformationLinks @policyType)}}
      data-test-example-modal-information-link
    >
      here.
    </Hds::Link::Inline>
  </p>
</div>