mirror of
https://github.com/kemko/nomad.git
synced 2026-01-01 16:05:42 +03:00
* Add ent policy enforcement stubs to CSI Volume create/register * Wire policy override/warnings through CSI volume register/create * Add new scope to sentinel apply * Sanitize CSISecrets & CSIMountOptions * Add sentinel policy scope to ui * Update docs for new sentinel scope/policy * Create new api funcs for CSI endpoints * fix sentinel csi ui test * Update sentinel-policy docs * Add changelog * Update docs from feedback
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package api
import (
	"errors"
	"net/url"
)
// SentinelPolicies is a handle for calling the Sentinel policy endpoints
// through an API client.
type SentinelPolicies struct {
	// client is the API client that every request from this handle goes through.
	client *Client
}
// SentinelPolicies returns a handle for the Sentinel policy endpoints that
// sends its requests through c.
func (c *Client) SentinelPolicies() *SentinelPolicies {
	handle := new(SentinelPolicies)
	handle.client = c
	return handle
}
// List queries /v1/sentinel/policies and returns the decoded policy stubs
// together with the metadata of the query. q is handed to the client as is.
// On failure only the error is returned.
func (a *SentinelPolicies) List(q *QueryOptions) ([]*SentinelPolicyListStub, *QueryMeta, error) {
	var stubs []*SentinelPolicyListStub
	meta, err := a.client.query("/v1/sentinel/policies", &stubs, q)
	if err == nil {
		return stubs, meta, nil
	}
	return nil, nil, err
}
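// Upsert creates the policy, or updates the existing policy of the same
// name, with a PUT to /v1/sentinel/policy/<name>. It returns an error
// without sending a request when policy is nil or has an empty Name.
//
// The name becomes one segment of the request path, so it is percent-escaped
// first: a name containing "/", "?", "#" or "%" stays inside that segment
// and cannot change which endpoint the request is sent to.
func (a *SentinelPolicies) Upsert(policy *SentinelPolicy, q *WriteOptions) (*WriteMeta, error) {
	if policy == nil || policy.Name == "" {
		return nil, errors.New("missing policy name")
	}

	// NOTE(review): assumes client.put parses its path argument as a URL and
	// keeps the escaped form; confirm against the client implementation.
	path := "/v1/sentinel/policy/" + url.PathEscape(policy.Name)

	wm, err := a.client.put(path, policy, nil, q)
	if err != nil {
		return nil, err
	}
	return wm, nil
}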
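// Delete removes the named policy with a DELETE to
// /v1/sentinel/policy/<policyName>. It returns an error without sending a
// request when policyName is empty.
//
// policyName becomes one segment of the request path, so it is
// percent-escaped first: a name containing "/", "?", "#" or "%" stays inside
// that segment and cannot point the delete at a different endpoint.
func (a *SentinelPolicies) Delete(policyName string, q *WriteOptions) (*WriteMeta, error) {
	if policyName == "" {
		return nil, errors.New("missing policy name")
	}

	// NOTE(review): assumes client.delete parses its path argument as a URL
	// and keeps the escaped form; confirm against the client implementation.
	path := "/v1/sentinel/policy/" + url.PathEscape(policyName)

	wm, err := a.client.delete(path, nil, nil, q)
	if err != nil {
		return nil, err
	}
	return wm, nil
}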
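// Info fetches the named policy from /v1/sentinel/policy/<policyName> and
// returns it together with the metadata of the query. It returns an error
// without sending a request when policyName is empty.
//
// policyName becomes one segment of the request path, so it is
// percent-escaped first: a name containing "/", "?", "#" or "%" stays inside
// that segment and cannot redirect the query to a different endpoint.
func (a *SentinelPolicies) Info(policyName string, q *QueryOptions) (*SentinelPolicy, *QueryMeta, error) {
	if policyName == "" {
		return nil, nil, errors.New("missing policy name")
	}

	// NOTE(review): assumes client.query parses its path argument as a URL
	// and keeps the escaped form; confirm against the client implementation.
	path := "/v1/sentinel/policy/" + url.PathEscape(policyName)

	var resp SentinelPolicy
	qm, err := a.client.query(path, &resp, q)
	if err != nil {
		return nil, nil, err
	}
	return &resp, qm, nil
}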
// SentinelPolicy is the full policy object: Upsert sends it as the request
// payload and Info decodes a response into it.
type SentinelPolicy struct {
	// Name identifies the policy; Upsert also places it in the request path.
	Name        string
	Description string
	// Scope is presumably one of the SentinelScope* constants; confirm.
	Scope            string
	EnforcementLevel string
	// Policy is presumably the Sentinel policy source text; confirm.
	Policy string
	// NOTE(review): the two indexes look server-maintained; confirm before
	// relying on values set by the caller.
	CreateIndex uint64
	ModifyIndex uint64
}
// SentinelPolicyListStub is the per-policy entry returned by List. It has
// the fields of SentinelPolicy except Policy.
type SentinelPolicyListStub struct {
	Name        string
	Description string
	// Scope is presumably one of the SentinelScope* constants; confirm.
	Scope            string
	EnforcementLevel string
	CreateIndex      uint64
	ModifyIndex      uint64
}
// Scope names a Sentinel policy can carry.
const (
	// SentinelScopeSubmitJob is the "submit-job" scope.
	SentinelScopeSubmitJob = "submit-job"
	// SentinelScopeSubmitHostVolume is the "submit-host-volume" scope.
	SentinelScopeSubmitHostVolume = "submit-host-volume"
	// SentinelScopeSubmitCSIVolume is the "submit-csi-volume" scope.
	SentinelScopeSubmitCSIVolume = "submit-csi-volume"
)