Manages a Sentinel policy registered in Nomad.
Enterprise Only! This API endpoint and functionality only exists in Nomad Enterprise. This is not present in the open source version of Nomad.
resource "nomad_sentinel_policy" "exec-only" {
name = "exec-only"
description = "Only allow jobs that are based on an exec driver."
policy = <<EOT
main = rule { all_drivers_exec }
# all_drivers_exec checks that all the drivers in use are exec
all_drivers_exec = rule {
all job.task_groups as tg {
all tg.tasks as task {
task.driver is "exec"
}
}
}
EOT
scope = "submit-job"
# allow administrators to override
enforcement_level = "soft-mandatory"
}
The following arguments are supported:
name (string: <required>) - A unique name for the policy. policy (string: <required>) - The contents of the policy to register. enforcement_level (strings: <required>) - The enforcement level for this policy. scope (strings: <required>) - The scope for this policy. description (string: "") - A description of the policy.
© 2018 HashiCorpLicensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/nomad/r/sentinel_policy.html