You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As a Conjur user, I want get notified properly if my restricted_to is not set right, so that I can fix it correctly.
GIVEN policy load
WHEN restricted_to is not set right
THEN fail policy load with right message that will help the user correct the policy
Notes
restricted_to - Restricts authentication from the specified network range. This can include:
one or more IP addresses
one or more CIDR ranges
restricted_to attribute is relevant to user, host and host factory
The restricted_to attribute does not correctly gate access to the DAP UI based on origin IP address. Applying this attribute to a user results in denying that user any access to the UI, regardless of their origin IP address.
Trusted proxies must be configured before you can use this feature. For more information, see Client IP Address Sourcing.
loading or changing policy can happen in 3 API POST, PUt and PATCH
DOD
Implement validation for restricted to setting while loading a policy
Demo the feature according to requirements/flows
Automatic integration tests written according to a test plan and passed successfully
UT written for all classes\functions\major logic flows and passed successfully
Security review has been performed
Security action items were taken
Enhance logs and supportability - Do we need troubleshooting section?
Logs were reviewed by TW and PO
Documentation HO to TW and review docs
The text was updated successfully, but these errors were encountered:
As a Conjur user, I want get notified properly if my restricted_to is not set right, so that I can fix it correctly.
GIVEN policy load
WHEN restricted_to is not set right
THEN fail policy load with right message that will help the user correct the policy
Notes
restricted_to - Restricts authentication from the specified network range. This can include:
one or more IP addresses
one or more CIDR ranges
restricted_to attribute is relevant to user, host and host factory
The restricted_to attribute does not correctly gate access to the DAP UI based on origin IP address. Applying this attribute to a user results in denying that user any access to the UI, regardless of their origin IP address.
Trusted proxies must be configured before you can use this feature. For more information, see Client IP Address Sourcing.
loading or changing policy can happen in 3 API POST, PUt and PATCH
DOD
The text was updated successfully, but these errors were encountered: