github.com/iqoqo/nomad@v0.11.3-0.20200911112621-d7021c74d101/website/pages/api-docs/sentinel-policies.mdx (about) 1 --- 2 layout: api 3 page_title: Sentinel Policies - HTTP API 4 sidebar_title: Sentinel Policies 5 description: >- 6 The /sentinel/policy/ endpoints are used to configure and manage Sentinel 7 policies. 8 --- 9 10 # Sentinel Policies HTTP API 11 12 The `/sentinel/policies` and `/sentinel/policy/` endpoints are used to manage Sentinel policies. 13 For more details about Sentinel policies, please see the [Sentinel Policy Guide](https://learn.hashicorp.com/nomad/governance-and-policy/sentinel). 14 15 Sentinel endpoints are only available when ACLs are enabled. For more details about ACLs, please see the [ACL Guide](https://learn.hashicorp.com/nomad?track=acls#operations-and-development). 16 17 ~> **Enterprise Only!** This API endpoint and functionality only exists in 18 Nomad Enterprise. This is not present in the open source version of Nomad. 19 20 ## List Policies 21 22 This endpoint lists all Sentinel policies. This lists the policies that have been replicated 23 to the region, and may lag behind the authoritative region. 24 25 | Method | Path | Produces | 26 | ------ | -------------------- | ------------------ | 27 | `GET` | `/sentinel/policies` | `application/json` | 28 29 The table below shows this endpoint's support for 30 [blocking queries](/api-docs#blocking-queries), [consistency modes](/api-docs#consistency-modes) and 31 [required ACLs](/api-docs#acls). 32 33 | Blocking Queries | Consistency Modes | ACL Required | 34 | ---------------- | ----------------- | ------------ | 35 | `YES` | `all` | `management` | 36 37 ### Sample Request 38 39 ```shell-sessioncurl \ 40 https://localhost:4646/v1/sentinel/policies 41 ``` 42 43 ### Sample Response 44 45 ```json 46 [ 47 { 48 "Name": "foo", 49 "Description": "test policy", 50 "Scope": "submit-job", 51 "EnforcementLevel": "advisory", 52 "Hash": "CIs8aNX5OfFvo4D7ihWcQSexEJpHp+Za+dHSncVx5+8=", 53 "CreateIndex": 8, 54 "ModifyIndex": 8 55 } 56 ] 57 ``` 58 59 ## Create or Update Policy 60 61 This endpoint creates or updates an Sentinel Policy. This request is always forwarded to the 62 authoritative region. 63 64 | Method | Path | Produces | 65 | ------ | ------------------------------- | -------------- | 66 | `POST` | `/sentinel/policy/:policy_name` | `(empty body)` | 67 68 The table below shows this endpoint's support for 69 [blocking queries](/api-docs#blocking-queries) and 70 [required ACLs](/api-docs#acls). 71 72 | Blocking Queries | ACL Required | 73 | ---------------- | ------------ | 74 | `NO` | `management` | 75 76 ### Parameters 77 78 - `Name` `(string: <required>)` - Specifies the name of the policy. 79 Creates the policy if the name does not exist, otherwise updates the existing policy. 80 81 - `Description` `(string: <optional>)` - Specifies a human readable description. 82 83 - `Scope` `(string: <required>)` - Specifies the scope of when this policy applies. Only `submit-job` is currently supported. 84 85 - `EnforcementLevel` `(string: <required>)` - Specifies the enforcement level of the policy. Can be `advisory` which warns on failure, 86 `hard-mandatory` which prevents an operation on failure, and `soft-mandatory` which is like `hard-mandatory` but can be overridden. 87 88 - `Policy` `(string: <required>)` - Specifies the Sentinel policy itself. 89 90 ### Sample Payload 91 92 ```json 93 { 94 "Name": "my-policy", 95 "Description": "This is a great policy", 96 "Scope": "submit-job", 97 "EnforcementLevel": "advisory", 98 "Policy": "main = rule { true }" 99 } 100 ``` 101 102 ### Sample Request 103 104 ```shell-sessioncurl \ 105 --request POST \ 106 --data @payload.json \ 107 https://localhost:4646/v1/sentinel/policy/my-policy 108 ``` 109 110 ## Read Policy 111 112 This endpoint reads a Sentinel policy with the given name. This queries the policy that have been 113 replicated to the region, and may lag behind the authoritative region. 114 115 | Method | Path | Produces | 116 | ------ | ------------------------------- | ------------------ | 117 | `GET` | `/sentinel/policy/:policy_name` | `application/json` | 118 119 The table below shows this endpoint's support for 120 [blocking queries](/api-docs#blocking-queries), [consistency modes](/api-docs#consistency-modes) and 121 [required ACLs](/api-docs#acls). 122 123 | Blocking Queries | Consistency Modes | ACL Required | 124 | ---------------- | ----------------- | ------------ | 125 | `YES` | `all` | `management` | 126 127 ### Sample Request 128 129 ```shell-sessioncurl \ 130 https://localhost:4646/v1/sentinel/policy/foo 131 ``` 132 133 ### Sample Response 134 135 ```json 136 { 137 "Name": "foo", 138 "Description": "test policy", 139 "Scope": "submit-job", 140 "EnforcementLevel": "advisory", 141 "Policy": "main = rule { true }\n", 142 "Hash": "CIs8aNX5OfFvo4D7ihWcQSexEJpHp+Za+dHSncVx5+8=", 143 "CreateIndex": 8, 144 "ModifyIndex": 8 145 } 146 ``` 147 148 ## Delete Policy 149 150 This endpoint deletes the named Sentinel policy. This request is always forwarded to the 151 authoritative region. 152 153 | Method | Path | Produces | 154 | -------- | ------------------------------- | -------------- | 155 | `DELETE` | `/sentinel/policy/:policy_name` | `(empty body)` | 156 157 The table below shows this endpoint's support for 158 [blocking queries](/api-docs#blocking-queries) and 159 [required ACLs](/api-docs#acls). 160 161 | Blocking Queries | ACL Required | 162 | ---------------- | ------------ | 163 | `NO` | `management` | 164 165 ### Parameters 166 167 - `policy_name` `(string: <required>)` - Specifies the policy name to delete. 168 169 ### Sample Request 170 171 ```shell-sessioncurl \ 172 --request DELETE \ 173 https://localhost:4646/v1/sentinel/policy/foo 174 ```