github.com/djenriquez/nomad-1@v0.8.1/command/sentinel_apply.go (about) 1 package command 2 3 import ( 4 "fmt" 5 "io/ioutil" 6 "os" 7 "strings" 8 9 "github.com/hashicorp/nomad/api" 10 "github.com/posener/complete" 11 ) 12 13 type SentinelApplyCommand struct { 14 Meta 15 } 16 17 func (c *SentinelApplyCommand) Help() string { 18 helpText := ` 19 Usage: nomad sentinel apply [options] <name> <file> 20 21 Apply is used to write a new Sentinel policy or update an existing one. 22 The name of the policy and file must be specified. The file will be read 23 from stdin by specifying "-". 24 25 General Options: 26 27 ` + generalOptionsUsage() + ` 28 29 Apply Options: 30 31 -description 32 Sets a human readable description for the policy. 33 34 -scope (default: submit-job) 35 Sets the scope of the policy and when it should be enforced. 36 37 -level (default: advisory) 38 Sets the enforcement level of the policy. Must be one of advisory, 39 soft-mandatory, hard-mandatory. 40 41 ` 42 return strings.TrimSpace(helpText) 43 } 44 45 func (c *SentinelApplyCommand) AutocompleteFlags() complete.Flags { 46 return mergeAutocompleteFlags(c.Meta.AutocompleteFlags(FlagSetClient), 47 complete.Flags{ 48 "-description": complete.PredictAnything, 49 "-scope": complete.PredictAnything, 50 "-level": complete.PredictAnything, 51 }) 52 } 53 54 func (c *SentinelApplyCommand) AutocompleteArgs() complete.Predictor { 55 return complete.PredictNothing 56 } 57 58 func (c *SentinelApplyCommand) Synopsis() string { 59 return "Create a new or update existing Sentinel policies" 60 } 61 62 func (c *SentinelApplyCommand) Run(args []string) int { 63 var description, scope, enfLevel string 64 var err error 65 flags := c.Meta.FlagSet("sentinel apply", FlagSetClient) 66 flags.Usage = func() { c.Ui.Output(c.Help()) } 67 flags.StringVar(&description, "description", "", "") 68 flags.StringVar(&scope, "scope", "submit-job", "") 69 flags.StringVar(&enfLevel, "level", "advisory", "") 70 if err := flags.Parse(args); err != nil { 71 return 1 72 } 73 74 // Check that we got exactly two arguments 75 args = flags.Args() 76 if l := len(args); l != 2 { 77 c.Ui.Error(c.Help()) 78 return 1 79 } 80 81 // Get the name and file 82 policyName := args[0] 83 84 // Read the file contents 85 file := args[1] 86 var rawPolicy []byte 87 if file == "-" { 88 rawPolicy, err = ioutil.ReadAll(os.Stdin) 89 if err != nil { 90 c.Ui.Error(fmt.Sprintf("Failed to read stdin: %v", err)) 91 return 1 92 } 93 } else { 94 rawPolicy, err = ioutil.ReadFile(file) 95 if err != nil { 96 c.Ui.Error(fmt.Sprintf("Failed to read file: %v", err)) 97 return 1 98 } 99 } 100 101 // Construct the policy 102 sp := &api.SentinelPolicy{ 103 Name: policyName, 104 Description: description, 105 Scope: scope, 106 EnforcementLevel: enfLevel, 107 Policy: string(rawPolicy), 108 } 109 110 // Get the HTTP client 111 client, err := c.Meta.Client() 112 if err != nil { 113 c.Ui.Error(fmt.Sprintf("Error initializing client: %s", err)) 114 return 1 115 } 116 117 // Get the list of policies 118 _, err = client.SentinelPolicies().Upsert(sp, nil) 119 if err != nil { 120 c.Ui.Error(fmt.Sprintf("Error writing Sentinel policy: %s", err)) 121 return 1 122 } 123 124 c.Ui.Output(fmt.Sprintf("Successfully wrote %q Sentinel policy!", 125 policyName)) 126 return 0 127 }