Merge pull request #344 from hashicorp/sethvargo/doc_policy

Document longest-prefix match
2015-06-15 14:31:42 -04:00 · 2015-06-15 14:31:42 -04:00 · f3abf5bcc8
parent f355049ef1 db178571eb
commit f3abf5bcc8
2 changed files with 21 additions and 14 deletions
--- a/website/Gemfile.lock
+++ b/website/Gemfile.lock
@ -26,7 +26,7 @@ GEM
      minitest (~> 5.1)
      thread_safe (~> 0.1)
      tzinfo (~> 1.1)
-    autoprefixer-rails (5.1.11)
+    autoprefixer-rails (5.2.0)
      execjs
      json
    bootstrap-sass (3.3.4.1)
@ -67,10 +67,10 @@ GEM
    hitimes (1.2.2)
    hooks (0.4.0)
      uber (~> 0.0.4)
-    htmlcompressor (0.1.2)
+    htmlcompressor (0.2.0)
    http_parser.rb (0.6.0)
    i18n (0.7.0)
-    json (1.8.2)
+    json (1.8.3)
    kramdown (1.7.0)
    less (2.6.0)
      commonjs (~> 0.2.7)
@ -79,18 +79,18 @@ GEM
      celluloid (~> 0.16.0)
      rb-fsevent (>= 0.9.3)
      rb-inotify (>= 0.9)
-    middleman (3.3.13)
+    middleman (3.3.12)
      coffee-script (~> 2.2)
      compass (>= 1.0.0, < 2.0.0)
      compass-import-once (= 1.0.5)
      execjs (~> 2.0)
      haml (>= 4.0.5)
      kramdown (~> 1.2)
-      middleman-core (= 3.3.13)
+      middleman-core (= 3.3.12)
      middleman-sprockets (>= 3.1.2)
      sass (>= 3.4.0, < 4.0)
      uglifier (~> 2.5)
-    middleman-core (3.3.13)
+    middleman-core (3.3.12)
      activesupport (~> 4.1.0)
      bundler (~> 1.1)
      erubis
@ -106,8 +106,8 @@ GEM
      em-websocket (~> 0.5.1)
      middleman-core (>= 3.3)
      rack-livereload (~> 0.3.15)
-    middleman-minify-html (3.4.0)
-      htmlcompressor (~> 0.1.0)
+    middleman-minify-html (3.4.1)
+      htmlcompressor (~> 0.2.0)
      middleman-core (>= 3.2)
    middleman-sprockets (3.4.2)
      middleman-core (>= 3.3)
@ -117,8 +117,8 @@ GEM
    middleman-syntax (2.0.0)
      middleman-core (~> 3.2)
      rouge (~> 1.0)
-    minitest (5.6.1)
-    multi_json (1.11.0)
+    minitest (5.7.0)
+    multi_json (1.11.1)
    padrino-helpers (0.12.5)
      i18n (~> 0.6, >= 0.6.7)
      padrino-support (= 0.12.5)
@ -134,13 +134,13 @@ GEM
    rack-ssl-enforcer (0.2.8)
    rack-test (0.6.3)
      rack (>= 1.0)
-    rb-fsevent (0.9.4)
+    rb-fsevent (0.9.5)
    rb-inotify (0.9.5)
      ffi (>= 0.5.0)
-    redcarpet (3.2.3)
+    redcarpet (3.3.1)
    ref (1.0.5)
-    rouge (1.8.0)
-    sass (3.4.13)
+    rouge (1.9.0)
+    sass (3.4.14)
    sprockets (2.12.3)
      hike (~> 1.2)
      multi_json (~> 1.0)
@ -175,3 +175,6 @@ PLATFORMS

 DEPENDENCIES
  middleman-hashicorp!
+
+BUNDLED WITH
+   1.10.3
--- a/website/source/docs/concepts/policies.html.md
+++ b/website/source/docs/concepts/policies.html.md
@ -37,6 +37,10 @@ This works well due to Vault's architecture of being like a filesystem:
 everything has a path associated with it, including the core configuration
 mechanism under "sys".

+~> Policy paths are matched using a longest-prefix match, which is the most
+specific defined policy. This means if you define a policy for `"secret/foo"`,
+the policy would also match `"secret/foobar"`.
+
 ## Policies

 Allowed policies for a path are: