-
Notifications
You must be signed in to change notification settings - Fork 731
/
fixtures.go
63 lines (56 loc) 路 1.53 KB
/
fixtures.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
package fakes
import (
"github.com/open-policy-agent/frameworks/constraint/pkg/apis/constraints"
templatesv1beta1 "github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1beta1"
"github.com/open-policy-agent/frameworks/constraint/pkg/core/templates"
"github.com/open-policy-agent/gatekeeper/v3/pkg/target"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"
)
func DenyAllRegoTemplate() *templates.ConstraintTemplate {
return &templates.ConstraintTemplate{
TypeMeta: metav1.TypeMeta{
APIVersion: templatesv1beta1.SchemeGroupVersion.String(),
Kind: "ConstraintTemplate",
},
ObjectMeta: metav1.ObjectMeta{
Name: "denyall",
},
Spec: templates.ConstraintTemplateSpec{
CRD: templates.CRD{
Spec: templates.CRDSpec{
Names: templates.Names{
Kind: "denyall",
},
},
},
Targets: []templates.Target{{
Target: target.Name,
Code: []templates.Code{{
Engine: "Rego",
Source: &templates.Anything{
Value: map[string]interface{}{"rego": `
package goodrego
violation[{"msg": msg}] {
msg := "denyall"
}`},
},
}},
}},
},
}
}
func DenyAllConstraint() *unstructured.Unstructured {
return ConstraintFor("denyall")
}
func ConstraintFor(kind string) *unstructured.Unstructured {
u := &unstructured.Unstructured{}
u.SetGroupVersionKind(schema.GroupVersionKind{
Group: constraints.Group,
Version: "v1beta1",
Kind: kind,
})
u.SetName("constraint")
return u
}