» nomad_sentinel_policy

Manages a Sentinel policy registered in Nomad.

Enterprise Only! This API endpoint and functionality only exists in Nomad Enterprise. This is not present in the open source version of Nomad.

» Example Usage

resource "nomad_sentinel_policy" "exec-only" {
  name = "exec-only"
  description = "Only allow jobs that are based on an exec driver."
  policy = <<EOT
main = rule { all_drivers_exec }

# all_drivers_exec checks that all the drivers in use are exec
all_drivers_exec = rule {
    all job.task_groups as tg {
        all tg.tasks as task {
            task.driver is "exec"
        }
    }
}
EOT
  scope = "submit-job"
  # allow administrators to override
  enforcement_level = "soft-mandatory"
}

» Argument Reference

The following arguments are supported:

name (string: <required>) - A unique name for the policy.
policy (string: <required>) - The contents of the policy to register.
enforcement_level (strings: <required>) - The enforcement level for this policy.
scope (strings: <required>) - The scope for this policy.
description (string: "") - A description of the policy.