SentinelPolicyArgs

data class SentinelPolicyArgs(val description: Output<String>? = null, val enforcementLevel: Output<String>? = null, val name: Output<String>? = null, val policy: Output<String>? = null, val scope: Output<String>? = null) : ConvertibleToJava<SentinelPolicyArgs>

Manages a Sentinel policy registered in Nomad.

Enterprise only: this API endpoint and its functionality exist only in Nomad Enterprise. They are not present in the open source version of Nomad.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as nomad from "@pulumi/nomad";
// Sentinel source for the policy. It stays at column 0 because a template
// literal keeps whitespace exactly as written. The rule passes only when every
// task in every task group of the job uses the "exec" driver.
const execOnlyPolicy = `main = rule { all_drivers_exec }
# all_drivers_exec checks that all the drivers in use are exec
all_drivers_exec = rule {
all job.task_groups as tg {
all tg.tasks as task {
task.driver is "exec"
}
}
}
`;

// Registers the policy under the name "exec-only" with scope "submit-job".
// NOTE(review): "soft-mandatory" is an enforcement level that Nomad lets the
// submitter override when the policy fails; "hard-mandatory" is the level that
// cannot be overridden. Confirm against the Nomad Sentinel docs which one the
// deployment needs before treating this policy as a hard control.
const exec_only = new nomad.SentinelPolicy("exec-only", {
    name: "exec-only",
    description: "Only allow jobs that are based on an exec driver.",
    policy: execOnlyPolicy,
    scope: "submit-job",
    enforcementLevel: "soft-mandatory",
});
import pulumi
import pulumi_nomad as nomad
# Sentinel source for the policy, kept flush left because a triple-quoted
# string keeps whitespace exactly as written. The rule passes only when every
# task in every task group of the job uses the "exec" driver.
exec_only_policy = """main = rule { all_drivers_exec }
# all_drivers_exec checks that all the drivers in use are exec
all_drivers_exec = rule {
all job.task_groups as tg {
all tg.tasks as task {
task.driver is "exec"
}
}
}
"""

# Registers the policy under the name "exec-only" with scope "submit-job".
# NOTE(review): a "soft-mandatory" policy failure can be overridden by the
# submitter in Nomad, whereas "hard-mandatory" cannot. Confirm against the
# Nomad Sentinel docs which level the deployment needs before treating this
# policy as a hard control.
exec_only = nomad.SentinelPolicy(
    "exec-only",
    name="exec-only",
    description="Only allow jobs that are based on an exec driver.",
    policy=exec_only_policy,
    scope="submit-job",
    enforcement_level="soft-mandatory",
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Nomad = Pulumi.Nomad;
return await Deployment.RunAsync(() =>
{
    // Sentinel source for the policy. The verbatim string keeps whitespace as
    // written, so its lines stay at column 0; "" is the escaped double quote.
    // The rule passes only when every task in every task group uses "exec".
    const string execOnlyPolicy = @"main = rule { all_drivers_exec }
# all_drivers_exec checks that all the drivers in use are exec
all_drivers_exec = rule {
all job.task_groups as tg {
all tg.tasks as task {
task.driver is ""exec""
}
}
}
";

    // Registers the policy under the name "exec-only" with scope "submit-job".
    // NOTE(review): Nomad allows a failing "soft-mandatory" policy to be
    // overridden by the submitter; "hard-mandatory" is the non-overridable
    // level. Confirm against the Nomad Sentinel docs which one is intended.
    var exec_only = new Nomad.SentinelPolicy("exec-only", new()
    {
        Name = "exec-only",
        Description = "Only allow jobs that are based on an exec driver.",
        Policy = execOnlyPolicy,
        Scope = "submit-job",
        EnforcementLevel = "soft-mandatory",
    });
});
package main
import (
"github.com/pulumi/pulumi-nomad/sdk/v2/go/nomad"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that registers the "exec-only" Sentinel policy
// in Nomad with scope "submit-job".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Sentinel source for the policy. The raw string keeps whitespace as
		// written, so its lines stay at column 0. The rule passes only when
		// every task in every task group of the job uses the "exec" driver.
		const execOnlyPolicy = `main = rule { all_drivers_exec }
# all_drivers_exec checks that all the drivers in use are exec
all_drivers_exec = rule {
all job.task_groups as tg {
all tg.tasks as task {
task.driver is "exec"
}
}
}
`

		// NOTE(review): Nomad allows a failing "soft-mandatory" policy to be
		// overridden by the submitter; "hard-mandatory" is the level that
		// cannot be overridden. Confirm against the Nomad Sentinel docs which
		// one the deployment needs.
		_, err := nomad.NewSentinelPolicy(ctx, "exec-only", &nomad.SentinelPolicyArgs{
			Name:             pulumi.String("exec-only"),
			Description:      pulumi.String("Only allow jobs that are based on an exec driver."),
			Policy:           pulumi.String(execOnlyPolicy),
			Scope:            pulumi.String("submit-job"),
			EnforcementLevel: pulumi.String("soft-mandatory"),
		})
		// Any registration error is handed back to pulumi.Run; nil on success.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.nomad.SentinelPolicy;
import com.pulumi.nomad.SentinelPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that registers the "exec-only" Sentinel policy in Nomad
 * with scope "submit-job".
 */
public class App {
    // Sentinel source for the policy. The text block content and its closing
    // delimiter are left at column 0 so the resulting string is unchanged.
    // The rule passes only when every task in every task group uses "exec".
    private static final String EXEC_ONLY_POLICY = """
main = rule { all_drivers_exec }
# all_drivers_exec checks that all the drivers in use are exec
all_drivers_exec = rule {
all job.task_groups as tg {
all tg.tasks as task {
task.driver is "exec"
}
}
}
""";

    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the SentinelPolicy resource.
     *
     * NOTE(review): Nomad allows a failing "soft-mandatory" policy to be
     * overridden by the submitter; "hard-mandatory" is the level that cannot
     * be overridden. Confirm against the Nomad Sentinel docs which one the
     * deployment needs.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        var exec_only = new SentinelPolicy("exec-only", SentinelPolicyArgs.builder()
            .name("exec-only")
            .description("Only allow jobs that are based on an exec driver.")
            .policy(EXEC_ONLY_POLICY)
            .scope("submit-job")
            .enforcementLevel("soft-mandatory")
            .build());
    }
}
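# Pulumi YAML program that registers the "exec-only" Sentinel policy in Nomad.
# The nesting below restores the indentation YAML needs to parse this document;
# the policy text itself is kept line for line inside the block scalar.
resources:
  exec-only:
    type: nomad:SentinelPolicy
    properties:
      name: exec-only
      description: Only allow jobs that are based on an exec driver.
      # Sentinel source: passes only when every task in every task group of
      # the job uses the "exec" driver. The "#" line inside the block scalar
      # is part of the policy text, not a YAML comment.
      policy: |
        main = rule { all_drivers_exec }
        # all_drivers_exec checks that all the drivers in use are exec
        all_drivers_exec = rule {
        all job.task_groups as tg {
        all tg.tasks as task {
        task.driver is "exec"
        }
        }
        }
      scope: submit-job
      # NOTE(review): Nomad allows a failing soft-mandatory policy to be
      # overridden by the submitter; hard-mandatory is the level that cannot
      # be overridden. Confirm against the Nomad Sentinel docs which one the
      # deployment needs.
      enforcementLevel: soft-mandatory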

Constructors

constructor(description: Output<String>? = null, enforcementLevel: Output<String>? = null, name: Output<String>? = null, policy: Output<String>? = null, scope: Output<String>? = null)

Properties

val description: Output<String>? = null

(string: "") - A description of the policy. See also the Nomad Sentinel guide sections on policy scope (https://www.nomadproject.io/guides/sentinel-policy.html#policy-scope) and enforcement level (https://www.nomadproject.io/guides/sentinel-policy.html#enforcement-level).

val enforcementLevel: Output<String>? = null

(string: <required>) - The enforcement level for this policy.

val name: Output<String>? = null

(string: <required>) - A unique name for the policy.

val policy: Output<String>? = null

(string: <required>) - The contents of the policy to register.

val scope: Output<String>? = null

(string: <required>) - The scope for this policy.

Functions

open override fun toJava(): SentinelPolicyArgs