mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-11-01 19:17:58 +00:00
a4f67a6b2b
* created new JsonTemplate component * used JsonTemplate in modal PolicyTemplate to replace code there * renamed component and fixed when the editor content shows up * changed PolicyForm to render example modal only conditionally. added desription to policy-example.js * fixed bug in policy-example.js & edited description of that file, removed functionality from policy-template.js (it is already in policy-example.js) * changed margin on text to better match Figma design, added example modal for when editing a policy * added tests for PolicyExample in policy-example-tests * added PolicyForm tests for (1) cancelling the creation/edit of policy and (2) properly rendering the policy example modal * add changelog * clean up code by removing unnecessary comments * changed a conditional in policy-form.hbs for better readability (Kianna's comment) * fixed description in policy-example.js, changed wording for RGP example, changed wording in policy-form-test.js * added 2 more asserts in policy-form-test.js. Changed some naming for selectors in the test file * added EGP policy to PolicyExample component, moved some functionality from .hbs to .js file and vise versa * added tests to policy-exammple-test.js and policy-form-test.js to account for new EGP policy * simplified all PolicyExample tests in policy-exmaple-test.js * removed beforeEach hook in policy-exmaple-test.js
50 lines
2.3 KiB
Handlebars
50 lines
2.3 KiB
Handlebars
<div class="has-bottom-margin-s">
|
|
{{#if (eq @policyType "acl")}}
|
|
<p data-test-example-modal-text="acl">
|
|
ACL Policies are written in Hashicorp Configuration Language (
|
|
<ExternalLink @href="https://github.com/hashicorp/hcl">HCL</ExternalLink>
|
|
) or JSON and describe which paths in Vault a user or machine is allowed to access. Here is an example policy:
|
|
</p>
|
|
{{else if (eq @policyType "rgp")}}
|
|
<p class="has-bottom-margin-s" data-test-example-modal-text="rgp">
|
|
Role Governing Policies (RGPs) are tied to client tokens or identities which is similar to
|
|
<DocLink @path="/vault/tutorials/policies/policies">ACL policies</DocLink>. They use
|
|
<DocLink @path="/vault/docs/enterprise/sentinel">Sentinel</DocLink>
|
|
as a language framework to enable fine-grained policy decisions.
|
|
</p>
|
|
<p>
|
|
Here is an example policy that uses RGP to restrict access to the
|
|
<code class="tag is-marginless is-paddingless">admin</code>
|
|
policy such that a user named "James Thomas" or has the
|
|
<code class="tag is-marginless is-paddingless">Team Lead</code>
|
|
role can manage the
|
|
<code class="tag is-marginless is-paddingless">admin</code>
|
|
policy:
|
|
</p>
|
|
{{else}}
|
|
<p class="has-bottom-margin-s" data-test-example-modal-text="egp">
|
|
Endpoint Governing Policies (EGPs) are tied to particular paths (e.g.
|
|
<code class="tag is-marginless is-paddingless">aws/creds/</code>
|
|
) instead of tokens. They use
|
|
<ExternalLink @href="https://docs.hashicorp.com/sentinel/language">Sentinel</ExternalLink>
|
|
as a language to access
|
|
<DocLink @path="/vault/docs/enterprise/sentinel/properties">properties</DocLink>
|
|
of the incoming requests.
|
|
</p>
|
|
<p>
|
|
Here is an example policy that fulfills the requirement of an incoming request to be performed during the business
|
|
hours 7:00am to 6:00pm on work days:
|
|
</p>
|
|
{{/if}}
|
|
</div>
|
|
<JsonEditor @value={{get this.policyTemplates @policyType}} @mode="ruby" @readOnly={{true}} @showToolbar={{true}} />
|
|
<div class="has-bottom-margin-m has-top-padding-s">
|
|
<p>
|
|
More information about
|
|
{{uppercase @policyType}}
|
|
policies can be found
|
|
<DocLink @path={{get this.moreInformationLinks @policyType}} data-test-example-modal-information-link>
|
|
here.
|
|
</DocLink>
|
|
</p>
|
|
</div> |