This section is empty.


This section is empty.


func ScopeCatalogUpsert

func ScopeCatalogUpsert(node *api.Node, service *api.AgentService) map[string]interface{}

ScopeCatalogUpsert returns the standard sentinel scope for a catalog create or update. Service is allowed to be nil.

func ScopeKVUpsert

func ScopeKVUpsert(key string, value []byte, flags uint64) map[string]interface{}

ScopeKVUpsert returns the standard sentinel scope for a KV create or update.


type Evaluator

type Evaluator interface {
	Compile(policy string) error
	Execute(policy string, enforcementLevel string, data map[string]interface{}) bool

Evaluator wraps the Sentinel evaluator from the HashiCorp Sentinel policy engine.

func New

func New(logger hclog.Logger) Evaluator

New returns a new instance of the Sentinel code engine. This is only available in Consul Enterprise so this version always returns nil.

type ScopeFn

type ScopeFn func() map[string]interface{}

ScopeFn is a callback that provides a sentinel scope. This is a callback so that if we don't run sentinel for some reason (not enabled or a basic policy check means we don't have to) then we don't spend the effort to make the map.