-
Notifications
You must be signed in to change notification settings - Fork 0
/
gen.rego
46 lines (42 loc) · 1009 Bytes
/
gen.rego
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
package generate_constraints
N = 100
output := {
"constraints": {
"K8sAllowedRepos": {
name: object |
n := numbers.range(1, N)[_]
name := sprintf(name_template, [n])
object := object_template(n)
}
}
}
name_template = "prod-repo-is-openpolicyagent-%03d"
object_template(n) = {
"apiVersion": "constraints.gatekeeper.sh/v1beta1",
"kind": "K8sAllowedRepos",
"metadata": {
"name": sprintf("prod-repo-is-openpolicyagent-%03d", [n])
},
"spec": {
"match": {
"kinds": [
{
"apiGroups": [
""
],
"kinds": [
"Pod"
]
}
],
"namespaces": [
"production"
]
},
"parameters": {
"repos": [
"only-this-repo"
]
}
}
}