nomad_sentinel_policy

Manages a Sentinel policy registered in Nomad.

Enterprise Only! This API endpoint and functionality only exists in Nomad Enterprise. This is not present in the open source version of Nomad.

Example Usage

resource "nomad_sentinel_policy" "exec-only" {
  name = "exec-only"
  description = "Only allow jobs that are based on an exec driver."
  policy = <<EOT
main = rule { all_drivers_exec }

# all_drivers_exec checks that all the drivers in use are exec
all_drivers_exec = rule {
    all job.task_groups as tg {
        all tg.tasks as task {
            task.driver is "exec"
        }
    }
}
EOT
  scope = "submit-job"
  # allow administrators to override
  enforcement_level = "soft-mandatory"
}

Argument Reference

The following arguments are supported:

• name (string: <required>) - A unique name for the policy.
• policy (string: <required>) - The contents of the policy to register.
• enforcement_level (strings: <required>) - The enforcement level for this policy.
• scope (strings: <required>) - The scope for this policy.
• description (string: "") - A description of the policy.