[VAULT-20073] Docs: update upgrade guide for 1.15 with information on Sentinel RGP group policy application (#23296)

Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
2025-08-19 05:31:10 +02:00 · 2023-09-27 21:36:43 +01:00 · 2023-09-27 21:36:43 +01:00 · 521f69bc25
commit 521f69bc25
parent 827bb275be
4 changed files with 17 additions and 0 deletions
--- a/website/content/docs/upgrading/upgrade-to-1.13.x.mdx
+++ b/website/content/docs/upgrading/upgrade-to-1.13.x.mdx
@ -89,6 +89,10 @@ FAQ](/vault/docs/deprecation/faq#q-what-are-the-phases-of-deprecation).
 Affects upgrading from any version of Vault to 1.13.x. All other upgrade paths
 are unaffected.

+### Application of Sentinel Role Governing Policies (RGPs) via identity groups
+
+@include 'application-of-sentinel-rgps-via-identity-groups.mdx'
+
 ## Known issues

@include 'tokenization-rotation-persistence.mdx'
--- a/website/content/docs/upgrading/upgrade-to-1.14.x.mdx
+++ b/website/content/docs/upgrading/upgrade-to-1.14.x.mdx
@ -31,6 +31,10 @@ Official images separately.
 `vault.raft_storage.bolt.write.time` has been corrected from a summary to a counter to more accurately reflect that it
 is measuring cumulative time writing, and not the distribution of individual write times.

+### Application of Sentinel Role Governing Policies (RGPs) via identity groups
+
+@include 'application-of-sentinel-rgps-via-identity-groups.mdx'
+
 ## Known issues and workarounds

@include 'known-issues/ui-pki-control-groups.mdx'
--- a/website/content/docs/upgrading/upgrade-to-1.15.x.mdx
+++ b/website/content/docs/upgrading/upgrade-to-1.15.x.mdx
@ -40,3 +40,7 @@ To continue measuring `vault.rollback.attempts.{MOUNTPOINT}` and
 metrics in the `telemetry` stanza of your Vault configuration with the
 [`add_mount_point_rollback_metrics`](/vault/docs/configuration/telemetry#add_mount_point_rollback_metrics)
 option.
+
+## Application of Sentinel Role Governing Policies (RGPs) via identity groups
+
+@include 'application-of-sentinel-rgps-via-identity-groups.mdx'
--- a/website/content/partials/application-of-sentinel-rgps-via-identity-groups.mdx
+++ b/website/content/partials/application-of-sentinel-rgps-via-identity-groups.mdx
@ -0,0 +1,5 @@
+As of versions `1.15.0`, `1.14.4`, and `1.13.8`, [the Sentinel RGPSs derived from membership in identity groups apply
+only to entities in the same and child namespaces, relative to the identity group](/vault/docs/enterprise/sentinel#rgps-and-namespaces).
+
+Also, the [`group_policy_application_mode`](/vault/api-docs/system/config-group-policy-application) only applies to
+to ACL policies. Vault Sentinel Role Governing Policies (RGPs) are not affected by group policy application mode.