Manages a Sentinel policy registered in Nomad.
resource "nomad_sentinel_policy" "exec-only" {
  name        = "exec-only"
  description = "Only allow jobs that are based on an exec driver."

  policy = <<EOT
main = rule { all_drivers_exec }

# all_drivers_exec checks that all the drivers in use are exec
all_drivers_exec = rule {
    all job.task_groups as tg {
        all tg.tasks as task {
            task.driver is "exec"
        }
    }
}
EOT

  scope = "submit-job"

  # allow administrators to override
  enforcement_level = "soft-mandatory"
}
The following arguments are supported:
- name (string: <required>) - A unique name for the policy.
- policy (string: <required>) - The contents of the policy to register.
- enforcement_level (string: <required>) - The enforcement level for this policy.
- scope (string: <required>) - The scope for this policy.
- description (string: "") - A description of the policy.
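
To see which tasks the exec-only policy above would reject before a job is submitted, the following added example (not part of the provider documentation or of Nomad) mirrors the `all_drivers_exec` rule over a job in Nomad's JSON API shape and maps the result to an outcome per enforcement level. The sample job, the function names and the outcome labels are assumptions made for illustration; the page itself only uses `soft-mandatory`, and the `advisory` and `hard-mandatory` branches generalize to Nomad's other two levels.

```python
# Constructed sample: a Nomad job in the JSON API shape (Job -> TaskGroups -> Tasks).
SAMPLE_JOB = {"Job": {"ID": "web", "TaskGroups": [
    {"Name": "frontend", "Tasks": [
        {"Name": "nginx", "Driver": "docker"},
        {"Name": "log-shipper", "Driver": "exec"}]},
    {"Name": "cron", "Tasks": [{"Name": "rotate", "Driver": "exec"}]},
]}}


def non_exec_tasks(job_doc):
    """Mirror all_drivers_exec: return (group, task, driver) for every task
    whose driver is not "exec". An empty list means the rule passes, which
    includes a job with no groups or tasks (Sentinel's `all` over an empty
    collection is true)."""
    job = job_doc.get("Job", job_doc)  # accept a wrapped or a bare job object
    violations = []
    for tg in job.get("TaskGroups") or []:
        for task in tg.get("Tasks") or []:
            driver = task.get("Driver")
            if driver != "exec":
                violations.append((tg.get("Name"), task.get("Name"), driver))
    return violations


def decide(violations, enforcement_level, override=False):
    """Map the rule result to an outcome (hypothetical labels) per level."""
    if not violations:
        return "allow"
    if enforcement_level == "advisory":
        return "warn"  # failure is reported, submission proceeds
    if enforcement_level == "soft-mandatory":
        # must pass unless an authorized submitter explicitly overrides
        return "allow-with-override" if override else "deny"
    if enforcement_level == "hard-mandatory":
        return "deny"  # no override possible
    raise ValueError(f"unknown enforcement level: {enforcement_level!r}")


if __name__ == "__main__":
    found = non_exec_tasks(SAMPLE_JOB)
    for group, task, driver in found:
        print(f"{group}/{task}: driver {driver!r} is not exec")
    print("soft-mandatory outcome:", decide(found, "soft-mandatory"))
```

Logging every `allow-with-override` outcome gives reviewers a record of which non-exec jobs were admitted under the soft-mandatory level.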