mirror of
https://github.com/kemko/nomad.git
synced 2026-01-01 16:05:42 +03:00
86c858cdc3
* Gallery allows picking stuff * Small fixes * added sentinel templates * Can set enforcement level on policies * Working on the interactive sentinel dev mode * Very rough development flow on FE * Changed position in gutter menu * More sentinel stuff * PR cleanup: removed testmode, removed unneeded mixins and deps * Heliosification * Index-level sentinel policy deletion and page title fixes * Makes the Canaries sentinel policy real and then comments out the unfinished ones * rename Access Control to Administration in prep for moving Sentinel Policies and Node Pool admin there * Sentinel policies moved within the Administration section * Mirage fixture for sentinel policy endpoints * Description length check and 500 prevention * Sync review PR feedback addressed, implied butons on radio cards * Cull un-used sentinel policies --------- Co-authored-by: Mike Nomitch <mail@mikenomitch.com>
33 lines
754 B
JavaScript
33 lines
754 B
JavaScript
/**
|
|
* Copyright (c) HashiCorp, Inc.
|
|
* SPDX-License-Identifier: BUSL-1.1
|
|
*/
|
|
|
|
export default `# This policy restricts which Docker images are allowed and also prevents use of
|
|
# the "latest" tag since the image must specify a tag that starts with a number.
|
|
|
|
# Allowed Docker images
|
|
allowed_images = [
|
|
"https://hub.docker.internal",
|
|
"nginx",
|
|
"mongo",
|
|
]
|
|
|
|
# Restrict allowed Docker images
|
|
restrict_images = rule {
|
|
all job.task_groups as tg {
|
|
all tg.tasks as task {
|
|
any allowed_images as allowed {
|
|
# Note that we require ":" and a tag after it
|
|
# which must start with a number, preventing "latest"
|
|
task.config.image matches allowed + ":[0-9](.*)"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
# Main rule
|
|
main = rule {
|
|
restrict_images
|
|
}`;
|