github.com/adityamillind98/nomad@v0.11.8/website/pages/api-docs/sentinel-policies.mdx (about)

     1  ---
     2  layout: api
     3  page_title: Sentinel Policies - HTTP API
     4  sidebar_title: Sentinel Policies
     5  description: >-
     6    The /sentinel/policy/ endpoints are used to configure and manage Sentinel
     7    policies.
     8  ---
     9  
    10  # Sentinel Policies HTTP API
    11  
    12  The `/sentinel/policies` and `/sentinel/policy/` endpoints are used to manage Sentinel policies.
    13  For more details about Sentinel policies, please see the [Sentinel Policy Guide](https://learn.hashicorp.com/nomad/governance-and-policy/sentinel).
    14  
    15  Sentinel endpoints are only available when ACLs are enabled. For more details about ACLs, please see the [ACL Guide](https://learn.hashicorp.com/nomad?track=acls#operations-and-development).
    16  
    17  ~> **Enterprise Only!** This API endpoint and functionality only exists in
    18  Nomad Enterprise. This is not present in the open source version of Nomad.
    19  
    20  ## List Policies
    21  
    22  This endpoint lists all Sentinel policies. The list reflects the policies that have been replicated
    23  to the region and may lag behind the authoritative region.
    24  
    25  | Method | Path                 | Produces           |
    26  | ------ | -------------------- | ------------------ |
    27  | `GET`  | `/sentinel/policies` | `application/json` |
    28  
    29  The table below shows this endpoint's support for
    30  [blocking queries](/api-docs#blocking-queries), [consistency modes](/api-docs#consistency-modes) and
    31  [required ACLs](/api-docs#acls).
    32  
    33  | Blocking Queries | Consistency Modes | ACL Required |
    34  | ---------------- | ----------------- | ------------ |
    35  | `YES`            | `all`             | `management` |
    36  
    37  ### Sample Request
    38  
    39  ```shell-session
    40  $ curl \
    41      https://localhost:4646/v1/sentinel/policies
    42  ```
    43  
    44  ### Sample Response
    45  
    46  ```json
    47  [
    48    {
    49      "Name": "foo",
    50      "Description": "test policy",
    51      "Scope": "submit-job",
    52      "EnforcementLevel": "advisory",
    53      "Hash": "CIs8aNX5OfFvo4D7ihWcQSexEJpHp+Za+dHSncVx5+8=",
    54      "CreateIndex": 8,
    55      "ModifyIndex": 8
    56    }
    57  ]
    58  ```
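
A drift check over the list response, added here as an example and not part of the Nomad documentation: it compares each policy's `Hash` and `EnforcementLevel` against a recorded baseline to flag policies that were removed, changed, or weakened (for example `hard-mandatory` switched to `advisory`). The baseline format and every policy name and hash other than the `foo` entry are constructed for illustration, and `Hash` is only compared for equality.

```python
# Enforcement levels named on this page, weakest to strongest.
LEVEL_RANK = {"advisory": 0, "soft-mandatory": 1, "hard-mandatory": 2}


def audit_policies(baseline, listing):
    """Diff a parsed GET /v1/sentinel/policies response against a baseline.

    baseline maps policy name -> {"Hash", "EnforcementLevel"}; this format is
    an assumption of the example. Hash is treated as an opaque string.
    Returns a sorted list of (finding, policy_name) tuples.
    """
    current = {p["Name"]: p for p in listing}
    findings = []
    for name, want in baseline.items():
        got = current.get(name)
        if got is None:
            findings.append(("missing", name))
            continue
        # Unknown levels rank below advisory so they are always flagged.
        got_rank = LEVEL_RANK.get(got["EnforcementLevel"], -1)
        if got_rank < LEVEL_RANK[want["EnforcementLevel"]]:
            findings.append(("downgraded", name))
        if got["Hash"] != want["Hash"]:
            findings.append(("modified", name))
    findings += [("unexpected", n) for n in current.keys() - baseline.keys()]
    return sorted(findings)


# Constructed sample data; only the "foo" entry is taken from the page.
PAGE_HASH = "CIs8aNX5OfFvo4D7ihWcQSexEJpHp+Za+dHSncVx5+8="
BASELINE = {
    "foo": {"Hash": PAGE_HASH, "EnforcementLevel": "advisory"},
    "restrict-images": {"Hash": "constructed-hash-1", "EnforcementLevel": "hard-mandatory"},
    "require-limits": {"Hash": "constructed-hash-2", "EnforcementLevel": "soft-mandatory"},
}
LISTING = [
    {"Name": "foo", "EnforcementLevel": "advisory", "Hash": PAGE_HASH},
    {"Name": "restrict-images", "EnforcementLevel": "advisory", "Hash": "constructed-hash-3"},
    {"Name": "allow-all", "EnforcementLevel": "advisory", "Hash": "constructed-hash-4"},
]

if __name__ == "__main__":
    for finding, name in audit_policies(BASELINE, LISTING):
        print(f"{finding:<11} {name}")
```

Because the list endpoint may lag behind the authoritative region, a `missing` or stale result in a non-authoritative region is worth re-checking before it is treated as tampering.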
    59  
    60  ## Create or Update Policy
    61  
    62  This endpoint creates or updates a Sentinel policy. This request is always forwarded to the
    63  authoritative region.
    64  
    65  | Method | Path                            | Produces       |
    66  | ------ | ------------------------------- | -------------- |
    67  | `POST` | `/sentinel/policy/:policy_name` | `(empty body)` |
    68  
    69  The table below shows this endpoint's support for
    70  [blocking queries](/api-docs#blocking-queries) and
    71  [required ACLs](/api-docs#acls).
    72  
    73  | Blocking Queries | ACL Required |
    74  | ---------------- | ------------ |
    75  | `NO`             | `management` |
    76  
    77  ### Parameters
    78  
    79  - `Name` `(string: <required>)` - Specifies the name of the policy.
    80    Creates the policy if the name does not exist, otherwise updates the existing policy.
    81  
    82  - `Description` `(string: <optional>)` - Specifies a human readable description.
    83  
    84  - `Scope` `(string: <required>)` - Specifies the scope of when this policy applies. Only `submit-job` is currently supported.
    85  
    86  - `EnforcementLevel` `(string: <required>)` - Specifies the enforcement level of the policy. Can be `advisory`, which warns on failure;
    87    `hard-mandatory`, which prevents an operation on failure; or `soft-mandatory`, which is like `hard-mandatory` but can be overridden.
    88  
    89  - `Policy` `(string: <required>)` - Specifies the Sentinel policy itself.
    90  
    91  ### Sample Payload
    92  
    93  ```json
    94  {
    95    "Name": "my-policy",
    96    "Description": "This is a great policy",
    97    "Scope": "submit-job",
    98    "EnforcementLevel": "advisory",
    99    "Policy": "main = rule { true }"
   100  }
   101  ```
   102  
   103  ### Sample Request
   104  
   105  ```shell-session
   106  $ curl \
   107      --request POST \
   108      --data @payload.json \
   109      https://localhost:4646/v1/sentinel/policy/my-policy
   110  ```
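
A client-side builder for this request, added here as an example and not part of the Nomad documentation: it rejects a `Scope` or `EnforcementLevel` outside the values listed above, percent-encodes the policy name in the path, and attaches the management token in Nomad's `X-Nomad-Token` ACL header, which the sample request above leaves out. The function name, address and token value are assumptions of the example.

```python
import json
import urllib.parse
import urllib.request

SCOPES = {"submit-job"}  # only scope this page lists as supported
ENFORCEMENT_LEVELS = {"advisory", "soft-mandatory", "hard-mandatory"}


def build_policy_request(addr, token, name, policy_source,
                         level, scope="submit-job", description=""):
    """Return an unsent POST /v1/sentinel/policy/:policy_name request."""
    if not name:
        raise ValueError("Name is required")
    if scope not in SCOPES:
        raise ValueError(f"unsupported Scope: {scope!r}")
    if level not in ENFORCEMENT_LEVELS:
        raise ValueError(f"unknown EnforcementLevel: {level!r}")
    if not policy_source.strip():
        raise ValueError("Policy is required")
    payload = {
        "Name": name,
        "Description": description,
        "Scope": scope,
        "EnforcementLevel": level,
        # json.dumps escapes newlines and quotes in the Sentinel source.
        "Policy": policy_source,
    }
    # safe="" also encodes "/", so the name cannot add path segments.
    path = "/v1/sentinel/policy/" + urllib.parse.quote(name, safe="")
    return urllib.request.Request(
        addr.rstrip("/") + path,
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={"X-Nomad-Token": token, "Content-Type": "application/json"},
    )


if __name__ == "__main__":
    # Constructed token; the policy text is the one shown on this page.
    req = build_policy_request("https://localhost:4646", "constructed-token",
                               "my-policy", "main = rule { true }\n", "advisory")
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
```

Pass the returned object to `urllib.request.urlopen` to send it; a typo such as `hard_mandatory` fails locally with `ValueError` instead of reaching the server.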
   111  
   112  ## Read Policy
   113  
   114  This endpoint reads a Sentinel policy with the given name. This queries the policy that has been
   115  replicated to the region, and may lag behind the authoritative region.
   116  
   117  | Method | Path                            | Produces           |
   118  | ------ | ------------------------------- | ------------------ |
   119  | `GET`  | `/sentinel/policy/:policy_name` | `application/json` |
   120  
   121  The table below shows this endpoint's support for
   122  [blocking queries](/api-docs#blocking-queries), [consistency modes](/api-docs#consistency-modes) and
   123  [required ACLs](/api-docs#acls).
   124  
   125  | Blocking Queries | Consistency Modes | ACL Required |
   126  | ---------------- | ----------------- | ------------ |
   127  | `YES`            | `all`             | `management` |
   128  
   129  ### Sample Request
   130  
   131  ```shell-session
   132  $ curl \
   133      https://localhost:4646/v1/sentinel/policy/foo
   134  ```
   135  
   136  ### Sample Response
   137  
   138  ```json
   139  {
   140    "Name": "foo",
   141    "Description": "test policy",
   142    "Scope": "submit-job",
   143    "EnforcementLevel": "advisory",
   144    "Policy": "main = rule { true }\n",
   145    "Hash": "CIs8aNX5OfFvo4D7ihWcQSexEJpHp+Za+dHSncVx5+8=",
   146    "CreateIndex": 8,
   147    "ModifyIndex": 8
   148  }
   149  ```
   150  
   151  ## Delete Policy
   152  
   153  This endpoint deletes the named Sentinel policy. This request is always forwarded to the
   154  authoritative region.
   155  
   156  | Method   | Path                            | Produces       |
   157  | -------- | ------------------------------- | -------------- |
   158  | `DELETE` | `/sentinel/policy/:policy_name` | `(empty body)` |
   159  
   160  The table below shows this endpoint's support for
   161  [blocking queries](/api-docs#blocking-queries) and
   162  [required ACLs](/api-docs#acls).
   163  
   164  | Blocking Queries | ACL Required |
   165  | ---------------- | ------------ |
   166  | `NO`             | `management` |
   167  
   168  ### Parameters
   169  
   170  - `policy_name` `(string: <required>)` - Specifies the policy name to delete.
   171  
   172  ### Sample Request
   173  
   174  ```shell-session
   175  $ curl \
   176      --request DELETE \
   177      https://localhost:4646/v1/sentinel/policy/foo
   178  ```