github.com/smintz/nomad@v0.8.3/website/source/docs/enterprise/sentinel/index.html.md

github.com/smintz/nomad@v0.8.3/website/source/docs/enterprise/sentinel/index.html.md (about)

     1  ---
     2  layout: "docs"
     3  page_title: "Nomad Enterprise Sentinel Policy Enforcement"
     4  sidebar_current: "docs-enterprise-sentinel"
     5  description: |-
     6    Nomad Enterprise provides support for policy enforcement using Sentinel.
     7  ---
     8  
     9  # Nomad Enterprise Sentinel Policy Enforcement
    10  
    11  In [Nomad Enterprise](https://www.hashicorp.com/products/nomad/), operators can
    12  create [Sentinel policies](/guides/sentinel-policy.html) for fine-grained policy
    13  enforcement. Sentinel policies build on top of the ACL system and allow operators to define 
    14  policies such as disallowing jobs to be submitted to production on
    15  Fridays. These extremely rich policies are defined as code. For example, to
    16  restrict jobs to only using the Docker driver, the operator would define and apply
    17  the following policy:
    18  
    19  ```
    20  # Only allows Docker based tasks
    21  main = rule { all_drivers_docker }
    22  
    23  # all_drivers_docker checks that all the drivers in use are Docker
    24  all_drivers_docker = rule {
    25      all job.task_groups as tg {
    26          all tg.tasks as task {
    27              task.driver is "docker"
    28          }
    29      }
    30  }
    31  ```
    32  
    33  See the [Sentinel Policies Guide](/guides/sentinel-policy.html) for additional details and examples.