Policy Document.
const url = 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/secret_management/namespaces/example/secret_policys/example/get_policy_document';
const options = {method: 'GET', headers: {Authorization: '<Authorization>'}};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request GET \
  --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/secret_management/namespaces/example/secret_policys/example/get_policy_document \
  --header 'Authorization: <Authorization>'

The GetPolicyDocument API returns the secret policy document for the given policy. The document contains information about all the rules in the policy and the policy_id. This document can be given to the F5 Distributed Cloud secret management tool to perform secret encryption.
Authorizations
Parameters
Path Parameters
Namespace
x-required Namespace of the secret policy.
Name
x-required Name of the secret policy.
Responses
A successful response.
Policy Document contains the information about the secret policy and all the secret policy rules for the policy. This document can be given to the F5 Distributed Cloud secret management tool to perform secret encryption.
object
object
Name of the policy.
Namespace of the policy.
PolicyID for the policy. PolicyID is an integer ID which uniquely identifies the policy in a given tenant.
object
A list of references to secret_policy_rule objects. The order of evaluation of the rules depends on the rule combining algorithm.
A secret_policy_rule object consists of an unordered list of predicates and an action. The predicates are evaluated against a set of input fields that are extracted from the client certificate. A rule is considered to match if all predicates in the rule evaluate to true for that request. Any predicates that are not specified in a rule are implicitly considered to be true. If a rule is matched, the action specified for the rule is enforced for that request.
A secret_policy_rule can be part of exactly one secret_policy and must belong to the same namespace as the secret policy.
object
Exclusive with [client_name_matcher client_selector] The name of the client trying to access the secret. The name of the client is extracted from the client TLS certificate. This predicate evaluates to true if the client name matches the configured name.
object
A list of exact values to match the input against.
A list of regular expressions to match the input against.
An ordered list of transformers (starting from index 0) to be applied to the path before matching.
object
Expressions contains the Kubernetes style label expression for selections. Required: YES.
Tenant for the policy.
Example
{
  "data": {
    "policy_info": {
      "algo": "FIRST_MATCH",
      "rules": [
        {
          "action": "DENY",
          "client_name_matcher": {
            "transformers": [
              "LOWER_CASE"
            ]
          }
        }
      ]
    }
  }
}
Returned when operation is not authorized.
Returned when there is no permission to access resource.
Returned when resource is not found.
Returned when operation on resource is conflicting with current value.
Returned when operation has been rejected as it is happening too frequently.
Returned when server encountered an error in processing API.
Returned when service is unavailable temporarily.
Returned when server timed out processing request.
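The rule evaluation described under Responses (every predicate in a rule must hold, unspecified predicates are implicitly true, and under FIRST_MATCH the first matching rule's action applies), as an added example for auditing a fetched policy document offline; it is not F5's code. The field names client_name, exact_values and regex_values, the ALLOW action, unanchored regex search, the empty-matcher behaviour and the NO_MATCH result are assumptions not shown on this page.

```javascript
// Added example: offline FIRST_MATCH evaluation of a secret policy document.
// Assumed names, not shown on this page: client_name, exact_values,
// regex_values, the ALLOW action, and the NO_MATCH result.
const TRANSFORMERS = { LOWER_CASE: (s) => s.toLowerCase() };

function applyTransformers(input, names = []) {
  // Applied in order from index 0; an unknown transformer fails closed.
  return names.reduce((value, name) => {
    if (!TRANSFORMERS[name]) throw new Error(`unsupported transformer: ${name}`);
    return TRANSFORMERS[name](value);
  }, input);
}

function ruleMatches(rule, clientName) {
  if (rule.client_selector) throw new Error('client_selector is not evaluated here');
  if (rule.client_name !== undefined) return rule.client_name === clientName;
  const m = rule.client_name_matcher;
  if (!m) return true; // a predicate that is not specified is implicitly true
  const value = applyTransformers(clientName, m.transformers);
  // Assumption: a matcher with no values matches nothing; regexes are searched unanchored.
  const exact = (m.exact_values || []).includes(value);
  return exact || (m.regex_values || []).some((re) => new RegExp(re).test(value));
}

function evaluate(doc, clientName) {
  const info = doc.data.policy_info;
  if (info.algo !== 'FIRST_MATCH') throw new Error(`unsupported algo: ${info.algo}`);
  const index = info.rules.findIndex((rule) => ruleMatches(rule, clientName));
  return index < 0 ? { action: 'NO_MATCH', index } : { action: info.rules[index].action, index };
}

// Constructed sample in the shape of the response example on this page.
const sampleDoc = { data: { policy_info: { algo: 'FIRST_MATCH', rules: [
  { action: 'DENY', client_name_matcher: {
    transformers: ['LOWER_CASE'], exact_values: ['legacy-batch.example.internal'] } },
  { action: 'ALLOW', client_name_matcher: {
    transformers: ['LOWER_CASE'], regex_values: ['^[a-z0-9-]+\\.example\\.internal$'] } },
  { action: 'DENY' }, // no predicates: matches every remaining client
] } } };

for (const name of ['Legacy-Batch.example.internal', 'web-1.example.internal',
  'web-1.example.internal.other.test']) {
  console.log(name, JSON.stringify(evaluate(sampleDoc, name)));
}
```

Because LOWER_CASE runs before matching, exact and regex values written with upper-case letters can never match; the anchored regex in the sample is what keeps a name with an extra suffix from reaching the ALLOW rule.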