kind: ConfigMap
apiVersion: v1
metadata:
  name: library-k8s-helpers
  namespace: opa
  labels:
    app: opa
    owner: jimmy
    openpolicyagent.org/policy: rego
data:
  main: |
    package lib.k8s.helpers

    allowed_operations = allowed_ops {
      allowed_ops := {"CREATE", "UPDATE"}
    }

    request_operation = op {
      op := input.request.operation
    }

    request_metadata_labels = labels {
      labels := input.request.object.metadata.labels
    }

    request_spec_template_metadata_labels = labels {
      labels := input.request.object.spec.template.metadata.labels
    }

    deployment_error = e {
      e := "DEPLOYMENT_INVALID"
    }

    deployment_containers = c {
      c := input.request.object.spec.template.spec.containers
    }

    required_deployment_labels = l {
      l := {"app", "owner"}
    }

    deployment_role = dr {
      dr := input.request.object.spec.template.metadata.annotations["iam.amazonaws.com/role"]
    }

    request_id = value {
      value := sprintf("%v/%v/%v", [
        request_namespace,
        request_name,
        request_kind
      ])
    }

    request_name = value {
      value := input.request.object.metadata.name
    }

    else = value {
      value := "NOT_FOUND"
    }

    request_namespace = value {
      value := input.request.object.metadata.namespace
    }

    else = value {
      value := "NOT_FOUND"
    }

    request_kind = value {
      value := input.request.kind.kind
    }

    else = value {
      value := "NOT_FOUND"
    }