vault/ui/lib/core/addon/components/policy-example.js
Vault Automation 56de87a0c8
UI: Implement visual policy builder (#11250) (#11367)
* replace Hds::Reveal with Hds::Accordion

* adjust spacing to render in Hds::Form component

* fix spacing in policy-example

* cleanup form-section class usage

* implement visual builder in create policy form

* hide visual editor in search select modal

* use general selectors, alphabetize form/field selectors

* update test coverage to check for visual policy editor

* reorganzie tests by module

* add saving functionality for visual editor

* refactor event handling methods

* refactor component so parent manages stanzas

* move snippets to automation-snippets tab component

* polish up policy diff modal

* refactor arg to be isCompact

* update test coverage and export new component

* rearrange methods to make diff easier

* small cleanup, abc vars and remove unneeded change

* add lanuage and update test coverage

* update comment

* fix form hierarchy

* fix modal spacing;

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
2025-12-15 20:42:13 +00:00


/**
* Copyright IBM Corp. 2016, 2025
* SPDX-License-Identifier: BUSL-1.1
*/
import Component from '@glimmer/component';
/**
* @module PolicyExample
* The PolicyExample component receives a policy type ('acl', 'rgp', or 'egp') and renders a copyable policy example of
* that type using the JsonEditor component. Inside a modal, the PolicyExample component must be wrapped in a conditional
* (example below), otherwise the JsonEditor value won't render until it's focused.
*
* @example
* <PolicyExample @policyType="acl" />
* @example
* <PolicyExample @policyType="rgp" />
* @example
* <PolicyExample @policyType="egp" />
*
* @param {string} policyType - policy type that decides which template to render; one of "acl", "rgp" or "egp"
*/
export default class PolicyExampleComponent extends Component {
// formatting here is purposeful so that whitespace renders correctly in JsonEditor
policyTemplates = {
acl: `# Grant 'create', 'read' , 'update', and list permission
# to paths prefixed by 'secret/*'
path "secret/*" {
capabilities = [ "create", "read", "update", "list" ]
}
# Even though we allowed secret/*, this line explicitly denies
# secret/super-secret. This takes precedence.
path "secret/super-secret" {
capabilities = ["deny"]
}
`,
rgp: `# Import strings library that exposes common string operations
import "strings"
# Conditional rule (precond) checks the incoming request endpoint
# targeted to sys/policies/acl/admin
precond = rule {
strings.has_prefix(request.path, "sys/policies/admin")
}
# Vault checks to see if the request was made by an entity
# named James Thomas or Team Lead role defined as its metadata
main = rule when precond {
identity.entity.metadata.role is "Team Lead" or
identity.entity.name is "James Thomas"
}
`,
egp: `import "time"
# Expect requests to only happen during work days (Monday
# through Friday) 0 for Sunday and 6 for Saturday
workdays = rule {
time.now.weekday > 0 and time.now.weekday < 6
}
# Expect requests to only happen during work hours (7:00 am -
# 6:00 pm)
workhours = rule {
time.now.hour > 7 and time.now.hour < 18
}
main = rule {
workdays and workhours
}
`,
};
moreInformationLinks = {
acl: '/vault/docs/concepts/policies#capabilities',
rgp: '/vault/tutorials/policies/sentinel#role-governing-policies-rgps',
egp: '/vault/docs/enterprise/sentinel#endpoint-governing-policies-egps',
};
}