From 521f69bc2549f74a3df91c82f73c63222be2753c Mon Sep 17 00:00:00 2001 From: Kuba Wieczorek Date: Wed, 27 Sep 2023 21:36:43 +0100 Subject: [PATCH] [VAULT-20073] Docs: update upgrade guide for 1.15 with information on Sentinel RGP group policy application (#23296) Co-authored-by: Peter Wilson --- website/content/docs/upgrading/upgrade-to-1.13.x.mdx | 4 ++++ website/content/docs/upgrading/upgrade-to-1.14.x.mdx | 4 ++++ website/content/docs/upgrading/upgrade-to-1.15.x.mdx | 4 ++++ .../application-of-sentinel-rgps-via-identity-groups.mdx | 5 +++++ 4 files changed, 17 insertions(+) create mode 100644 website/content/partials/application-of-sentinel-rgps-via-identity-groups.mdx diff --git a/website/content/docs/upgrading/upgrade-to-1.13.x.mdx b/website/content/docs/upgrading/upgrade-to-1.13.x.mdx index 28f9f21ef7..ee2b332016 100644 --- a/website/content/docs/upgrading/upgrade-to-1.13.x.mdx +++ b/website/content/docs/upgrading/upgrade-to-1.13.x.mdx @@ -89,6 +89,10 @@ FAQ](/vault/docs/deprecation/faq#q-what-are-the-phases-of-deprecation). Affects upgrading from any version of Vault to 1.13.x. All other upgrade paths are unaffected. +### Application of Sentinel Role Governing Policies (RGPs) via identity groups + +@include 'application-of-sentinel-rgps-via-identity-groups.mdx' + ## Known issues @include 'tokenization-rotation-persistence.mdx' diff --git a/website/content/docs/upgrading/upgrade-to-1.14.x.mdx b/website/content/docs/upgrading/upgrade-to-1.14.x.mdx index 46da173d10..e388bbd958 100644 --- a/website/content/docs/upgrading/upgrade-to-1.14.x.mdx +++ b/website/content/docs/upgrading/upgrade-to-1.14.x.mdx 
@@ -31,6 +31,10 @@ Official images separately. `vault.raft_storage.bolt.write.time` has been corrected from a summary to a counter to more accurately reflect that it is measuring cumulative time writing, and not the distribution of individual write times. +### Application of Sentinel Role Governing Policies (RGPs) via identity groups + +@include 'application-of-sentinel-rgps-via-identity-groups.mdx' + ## Known issues and workarounds @include 'known-issues/ui-pki-control-groups.mdx' diff --git a/website/content/docs/upgrading/upgrade-to-1.15.x.mdx b/website/content/docs/upgrading/upgrade-to-1.15.x.mdx index 7dd36ad4de..511892b0e8 100644 --- a/website/content/docs/upgrading/upgrade-to-1.15.x.mdx +++ b/website/content/docs/upgrading/upgrade-to-1.15.x.mdx @@ -40,3 +40,7 @@ To continue measuring `vault.rollback.attempts.{MOUNTPOINT}` and metrics in the `telemetry` stanza of your Vault configuration with the [`add_mount_point_rollback_metrics`](/vault/docs/configuration/telemetry#add_mount_point_rollback_metrics) option. + +## Application of Sentinel Role Governing Policies (RGPs) via identity groups + +@include 'application-of-sentinel-rgps-via-identity-groups.mdx' diff --git a/website/content/partials/application-of-sentinel-rgps-via-identity-groups.mdx b/website/content/partials/application-of-sentinel-rgps-via-identity-groups.mdx new file mode 100644 index 0000000000..881c03d52f --- /dev/null +++ b/website/content/partials/application-of-sentinel-rgps-via-identity-groups.mdx 
@@ -0,0 +1,5 @@ +As of versions `1.15.0`, `1.14.4`, and `1.13.8`, [the Sentinel RGPSs derived from membership in identity groups apply +only to entities in the same and child namespaces, relative to the identity group](/vault/docs/enterprise/sentinel#rgps-and-namespaces). + +Also, the [`group_policy_application_mode`](/vault/api-docs/system/config-group-policy-application) only applies to +to ACL policies. Vault Sentinel Role Governing Policies (RGPs) are not affected by group policy application mode.
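Review bot: the section heading is added at `##` in the upgrade-to-1.15.x.mdx hunk but at `###` in the upgrade-to-1.13.x.mdx and upgrade-to-1.14.x.mdx hunks. If the difference is not required by the section structure of each page, use the same level in all three so the included partial sits at the same depth in every guide. In the 1.13.x hunk the new heading also directly follows the context line "Affects upgrading from any version of Vault to 1.13.x. All other upgrade paths are unaffected.", so check on the rendered page that the new section does not read as part of the preceding item.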
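Review bot: in the new partial application-of-sentinel-rgps-via-identity-groups.mdx, line 1 spells the acronym "RGPSs" while the headings and line 5 use "RGPs", and lines 4 and 5 read "only applies to" followed by "to ACL policies", which doubles "to" across the line break. The first link also wraps almost the whole sentence as link text; linking only a short phrase such as "RGPs and namespaces" would be easier to read. As an upgrade note, the paragraph states the new scope (same and child namespaces relative to the identity group) but not what the scope was before or what an operator who relies on group-derived RGPs should verify after upgrading to `1.15.0`, `1.14.4` or `1.13.8`. Adding one sentence on the previous behaviour and the expected check would make the enforcement change actionable.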