Merge pull request #344 from hashicorp/sethvargo/doc_policy
Document longest-prefix match
This commit is contained in:
commit
f3abf5bcc8
|
@ -26,7 +26,7 @@ GEM
|
|||
minitest (~> 5.1)
|
||||
thread_safe (~> 0.1)
|
||||
tzinfo (~> 1.1)
|
||||
autoprefixer-rails (5.1.11)
|
||||
autoprefixer-rails (5.2.0)
|
||||
execjs
|
||||
json
|
||||
bootstrap-sass (3.3.4.1)
|
||||
|
@ -67,10 +67,10 @@ GEM
|
|||
hitimes (1.2.2)
|
||||
hooks (0.4.0)
|
||||
uber (~> 0.0.4)
|
||||
htmlcompressor (0.1.2)
|
||||
htmlcompressor (0.2.0)
|
||||
http_parser.rb (0.6.0)
|
||||
i18n (0.7.0)
|
||||
json (1.8.2)
|
||||
json (1.8.3)
|
||||
kramdown (1.7.0)
|
||||
less (2.6.0)
|
||||
commonjs (~> 0.2.7)
|
||||
|
@ -79,18 +79,18 @@ GEM
|
|||
celluloid (~> 0.16.0)
|
||||
rb-fsevent (>= 0.9.3)
|
||||
rb-inotify (>= 0.9)
|
||||
middleman (3.3.13)
|
||||
middleman (3.3.12)
|
||||
coffee-script (~> 2.2)
|
||||
compass (>= 1.0.0, < 2.0.0)
|
||||
compass-import-once (= 1.0.5)
|
||||
execjs (~> 2.0)
|
||||
haml (>= 4.0.5)
|
||||
kramdown (~> 1.2)
|
||||
middleman-core (= 3.3.13)
|
||||
middleman-core (= 3.3.12)
|
||||
middleman-sprockets (>= 3.1.2)
|
||||
sass (>= 3.4.0, < 4.0)
|
||||
uglifier (~> 2.5)
|
||||
middleman-core (3.3.13)
|
||||
middleman-core (3.3.12)
|
||||
activesupport (~> 4.1.0)
|
||||
bundler (~> 1.1)
|
||||
erubis
|
||||
|
@ -106,8 +106,8 @@ GEM
|
|||
em-websocket (~> 0.5.1)
|
||||
middleman-core (>= 3.3)
|
||||
rack-livereload (~> 0.3.15)
|
||||
middleman-minify-html (3.4.0)
|
||||
htmlcompressor (~> 0.1.0)
|
||||
middleman-minify-html (3.4.1)
|
||||
htmlcompressor (~> 0.2.0)
|
||||
middleman-core (>= 3.2)
|
||||
middleman-sprockets (3.4.2)
|
||||
middleman-core (>= 3.3)
|
||||
|
@ -117,8 +117,8 @@ GEM
|
|||
middleman-syntax (2.0.0)
|
||||
middleman-core (~> 3.2)
|
||||
rouge (~> 1.0)
|
||||
minitest (5.6.1)
|
||||
multi_json (1.11.0)
|
||||
minitest (5.7.0)
|
||||
multi_json (1.11.1)
|
||||
padrino-helpers (0.12.5)
|
||||
i18n (~> 0.6, >= 0.6.7)
|
||||
padrino-support (= 0.12.5)
|
||||
|
@ -134,13 +134,13 @@ GEM
|
|||
rack-ssl-enforcer (0.2.8)
|
||||
rack-test (0.6.3)
|
||||
rack (>= 1.0)
|
||||
rb-fsevent (0.9.4)
|
||||
rb-fsevent (0.9.5)
|
||||
rb-inotify (0.9.5)
|
||||
ffi (>= 0.5.0)
|
||||
redcarpet (3.2.3)
|
||||
redcarpet (3.3.1)
|
||||
ref (1.0.5)
|
||||
rouge (1.8.0)
|
||||
sass (3.4.13)
|
||||
rouge (1.9.0)
|
||||
sass (3.4.14)
|
||||
sprockets (2.12.3)
|
||||
hike (~> 1.2)
|
||||
multi_json (~> 1.0)
|
||||
|
@ -175,3 +175,6 @@ PLATFORMS
|
|||
|
||||
DEPENDENCIES
|
||||
middleman-hashicorp!
|
||||
|
||||
BUNDLED WITH
|
||||
1.10.3
|
||||
|
|
|
@ -37,6 +37,10 @@ This works well due to Vault's architecture of being like a filesystem:
|
|||
everything has a path associated with it, including the core configuration
|
||||
mechanism under "sys".
|
||||
|
||||
~> Policy paths are matched using a longest-prefix match, which is the most
|
||||
specific defined policy. This means if you define a policy for `"secret/foo"`,
|
||||
the policy would also match `"secret/foobar"`.
|
||||
|
||||
## Policies
|
||||
|
||||
Allowed policies for a path are:
|
||||
|
|
Loading…
Reference in a new issue