<template>
  <!--
    Teaching widget: one IAM role, the trust policy that says who may assume it,
    and the permission policies attached to it. All data is static and comes from
    the constants in <script setup>; nothing here talks to a cloud API.
  -->
  <div class="role-policy-demo">
    <div class="demo-header">
      <span class="icon">🎭</span>
      <span class="title">角色与策略</span>
      <span class="subtitle">策略叠加原理</span>
    </div>

    <div class="main-area">
      <!-- Left column: the role card. Clicking it toggles the trust-policy panel. -->
      <div class="role-section">
        <div class="role-card" @click="showTrust = !showTrust">
          <span class="role-icon">🎭</span>
          <div class="role-info">
            <span class="role-name">CrossAccountS3AccessRole</span>
            <span class="role-type">跨账号访问角色</span>
          </div>
          <span class="expand-icon">{{ showTrust ? '▼' : '▶' }}</span>
        </div>

        <!-- Trust policy: one row per trustPolicy entry (principal + the action it may call). -->
        <div v-if="showTrust" class="trust-policy">
          <div class="trust-title">
            🔐 信任策略
          </div>
          <div v-for="(t, i) in trustPolicy" :key="i" class="trust-item">
            <span class="principal">{{ t.principal }}</span>
            <span class="action">{{ t.action }}</span>
          </div>
        </div>
      </div>

      <!--
        Right column: one card per attached policy. Only the card whose index equals
        selectedPolicy shows its permission rows.
      -->
      <div class="policies-section">
        <div
          v-for="(policy, index) in attachedPolicies"
          :key="index"
          class="policy-card"
          :class="{ selected: selectedPolicy === index }"
          @click="selectedPolicy = index"
        >
          <div class="policy-header">
            <span class="policy-icon">{{ policy.icon }}</span>
            <span class="policy-name">{{ policy.name }}</span>
          </div>
          <div v-if="selectedPolicy === index" class="policy-perms">
            <div v-for="(p, i) in policy.permissions" :key="i" class="perm">
              <!-- The lower-cased effect ('allow' / 'deny') doubles as the CSS class for the badge. -->
              <span class="effect" :class="p.effect.toLowerCase()">{{ p.effect }}</span>
              <span class="action">{{ p.action }}</span>
            </div>
          </div>
        </div>
      </div>
    </div>

    <!--
      Summary box. The text states that permissions from all attached policies combine
      and that Deny outranks Allow. NOTE(review): it does not mention the default case,
      where an action that no policy allows is denied as well (implicit deny).
    -->
    <div class="info-box">
      <span class="icon">💡</span>
      <strong>核心思想:</strong>策略叠加——一个角色可附加多个策略,最终权限是所有策略的叠加结果。Deny 优先级高于 Allow。
    </div>
  </div>
</template>
<script setup>
import { ref } from 'vue'
// UI state for the demo; both refs are read and written directly by the template.

// True while the trust-policy panel under the role card is expanded.
// Starts collapsed; the role card's click handler flips it.
const showTrust = ref(false);

// Index into attachedPolicies of the card whose permission rows are shown.
// Starts on the first policy; clicking another card assigns that card's index.
const selectedPolicy = ref(0);
/**
 * Rows for the trust-policy panel: who is allowed to assume the role.
 *
 * Each entry pairs a display label for the principal with the action that
 * principal may call. Both rows use `sts:AssumeRole`.
 *
 * The entries are display strings for the demo, not a parsed policy document.
 * NOTE(review): only principal and action are modelled. A real trust policy can
 * also restrict the caller with a Condition block (for example `sts:ExternalId`
 * when the other account belongs to a third party); nothing here represents that.
 */
const trustPolicy = [
  {
    // 123456789012 looks like the documentation-style placeholder account ID.
    principal: '账号 A (123456789012)',
    action: 'sts:AssumeRole',
  },
  {
    principal: '特定 IAM 用户',
    action: 'sts:AssumeRole',
  },
];
/**
 * Permission policies attached to the role, one card per entry.
 *
 * Each policy has a `name`, an emoji `icon`, and a `permissions` list of
 * `{ effect, action }` rows. `effect` is 'Allow' or 'Deny'; the template
 * lower-cases it to choose the badge's CSS class, so the spelling matters.
 *
 * How the three entries relate:
 * - S3ReadWritePolicy allows s3:GetObject and s3:PutObject.
 * - DenySensitiveData denies s3:GetObject for the sensitive/ prefix, which
 *   carves an exception out of the Allow above (explicit Deny wins).
 * - s3:DeleteObject is not allowed by any policy in this list, so that Deny
 *   acts as a guardrail rather than overriding an existing Allow.
 *
 * NOTE(review): 's3:GetObject (sensitive/*)' is a display label. In an actual
 * IAM policy document the prefix would be expressed in the statement's
 * Resource, not inside the Action string.
 */
const attachedPolicies = [
  {
    name: 'S3ReadWritePolicy',
    icon: '📦',
    permissions: [
      { effect: 'Allow', action: 's3:GetObject' },
      { effect: 'Allow', action: 's3:PutObject' },
    ],
  },
  {
    name: 'CloudWatchLogsPolicy',
    icon: '📊',
    permissions: [
      { effect: 'Allow', action: 'logs:CreateLogGroup' },
      { effect: 'Allow', action: 'logs:PutLogEvents' },
    ],
  },
  {
    name: 'DenySensitiveData',
    icon: '🚫',
    permissions: [
      { effect: 'Deny', action: 's3:GetObject (sensitive/*)' },
      { effect: 'Deny', action: 's3:DeleteObject' },
    ],
  },
];
</script>
<style scoped>
/* Outer frame of the demo widget. Colours come from the --vp-c-* theme variables. */
.role-policy-demo {
  border: 1px solid var(--vp-c-divider);
  background: var(--vp-c-bg-soft);
  border-radius: 6px;
  padding: 0.75rem;
  margin: 0.5rem 0;
}

/* Header row: icon, title, subtitle. */
.demo-header {
  display: flex;
  align-items: center;
  gap: 0.5rem;
  margin-bottom: 0.75rem;
}

.demo-header .icon {
  font-size: 1.25rem;
}

.demo-header .title {
  font-weight: bold;
  font-size: 1rem;
}

.demo-header .subtitle {
  color: var(--vp-c-text-2);
  font-size: 0.85rem;
  margin-left: 0.5rem;
}

/* Two columns (role | policies); collapses to one column on narrow screens. */
.main-area {
  display: grid;
  grid-template-columns: 1fr 1fr;
  gap: 0.75rem;
  margin-bottom: 0.75rem;
}

@media (max-width: 640px) {
  .main-area {
    grid-template-columns: 1fr;
  }
}

/* Left column: role card and its trust-policy panel. */
.role-section {
  display: flex;
  flex-direction: column;
  gap: 0.4rem;
}

.role-card {
  display: flex;
  align-items: center;
  gap: 0.5rem;
  background: var(--vp-c-bg);
  border: 1px solid var(--vp-c-divider);
  border-radius: 6px;
  padding: 0.6rem;
  cursor: pointer;
  transition: all 0.2s;
}

.role-card:hover {
  border-color: var(--vp-c-brand);
}

.role-icon {
  font-size: 1.5rem;
}

.role-info {
  flex: 1;
}

.role-name {
  display: block;
  font-weight: 600;
  font-size: 0.85rem;
  color: var(--vp-c-text-1);
}

.role-type {
  display: block;
  font-size: 0.7rem;
  color: var(--vp-c-text-2);
}

.expand-icon {
  font-size: 0.7rem;
  color: var(--vp-c-text-3);
}

.trust-policy {
  background: var(--vp-c-bg);
  border: 1px solid var(--vp-c-divider);
  border-radius: 6px;
  padding: 0.5rem;
}

.trust-title {
  font-size: 0.75rem;
  font-weight: 600;
  margin-bottom: 0.4rem;
  color: var(--vp-c-text-1);
}

.trust-item {
  background: var(--vp-c-bg-alt);
  border-radius: 4px;
  padding: 0.3rem 0.4rem;
  margin-bottom: 0.25rem;
  font-size: 0.7rem;
}

.trust-item .principal {
  font-weight: 600;
  color: var(--vp-c-brand-1);
  display: block;
}

.trust-item .action {
  color: var(--vp-c-text-2);
}

/* Right column: one card per attached policy. */
.policies-section {
  display: flex;
  flex-direction: column;
  gap: 0.4rem;
}

.policy-card {
  background: var(--vp-c-bg);
  border: 1px solid var(--vp-c-divider);
  border-radius: 6px;
  padding: 0.5rem;
  cursor: pointer;
  transition: all 0.2s;
}

.policy-card:hover {
  border-color: var(--vp-c-brand);
}

/* Applied by the template to the card whose index equals selectedPolicy. */
.policy-card.selected {
  border-color: var(--vp-c-brand);
  background: var(--vp-c-bg-alt);
}

.policy-header {
  display: flex;
  align-items: center;
  gap: 0.4rem;
}

.policy-icon {
  font-size: 1rem;
}

.policy-name {
  font-weight: 600;
  font-size: 0.8rem;
  color: var(--vp-c-text-1);
}

.policy-perms {
  margin-top: 0.4rem;
  padding-top: 0.4rem;
  border-top: 1px solid var(--vp-c-divider);
}

/* One permission row: effect badge followed by the action name. */
.perm {
  display: flex;
  align-items: center;
  gap: 0.3rem;
  padding: 0.2rem 0;
  font-size: 0.7rem;
}

.effect {
  padding: 0.1rem 0.3rem;
  border-radius: 2px;
  font-weight: 600;
  font-size: 0.6rem;
}

/*
 * .allow and .deny are produced by lower-casing each permission's effect in the
 * template, so Deny rows get the red badge and Allow rows the brand colour.
 */
.effect.allow {
  background: var(--vp-c-brand-soft);
  color: var(--vp-c-brand-1);
}

.effect.deny {
  background: rgba(239, 68, 68, 0.15);
  color: #dc2626;
}

.perm .action {
  font-family: var(--vp-font-family-mono);
  color: var(--vp-c-text-2);
}

/* Summary box at the bottom of the widget. */
.info-box {
  background: var(--vp-c-bg-alt);
  padding: 0.6rem;
  border-radius: 6px;
  font-size: 0.85rem;
  color: var(--vp-c-text-2);
  display: flex;
  gap: 0.25rem;
}

.info-box .icon {
  flex-shrink: 0;
}

.info-box strong {
  color: var(--vp-c-text-1);
}
</style>