kind: ConfigMap
apiVersion: v1
metadata:
  name: deployment-resources
  namespace: opa
  labels:
    app: opa
    owner: jimmy
    openpolicyagent.org/policy: rego
data:
  main: |
    package kubernetes.admission

    import data.lib.k8s.helpers as helpers

    deny[msg] {
      helpers.request_kind = "Deployment"
      helpers.allowed_operations[helpers.request_operation]
      container = helpers.deployment_containers[_]
      not container.resources
      msg = sprintf("%q: Valid resources element not found in %q container. Resource ID (ns/name/kind): %q", [helpers.deployment_error,container.name,helpers.request_id])
    }

    deny[msg] {
      helpers.request_kind = "Deployment"
      helpers.allowed_operations[helpers.request_operation]
      container = helpers.deployment_containers[_]
      not container.resources.limits
      msg = sprintf("%q: Valid resources.limits element not found in %q container. Resource ID (ns/name/kind): %q", [helpers.deployment_error,container.name,helpers.request_id])
    }

    deny[msg] {
      helpers.request_kind = "Deployment"
      helpers.allowed_operations[helpers.request_operation]
      container = helpers.deployment_containers[_]
      not container.resources.limits.cpu
      msg = sprintf("%q: Valid resources.limits.cpu element not found in %q container. Resource ID (ns/name/kind): %q", [helpers.deployment_error,container.name,helpers.request_id])
    }

    deny[msg] {
      helpers.request_kind = "Deployment"
      helpers.allowed_operations[helpers.request_operation]
      container = helpers.deployment_containers[_]
      not container.resources.limits.memory
      msg = sprintf("%q: Valid resources.limits.memory element not found in %q container. Resource ID (ns/name/kind): %q", [helpers.deployment_error,container.name,helpers.request_id])
    }

    deny[msg] {
      helpers.request_kind = "Deployment"
      helpers.allowed_operations[helpers.request_operation]
      container = helpers.deployment_containers[_]
      not container.resources.requests
      msg = sprintf("%q: Valid resources.requests element not found in %q container. Resource ID (ns/name/kind): %q", [helpers.deployment_error,container.name,helpers.request_id])
    }

    deny[msg] {
      helpers.request_kind = "Deployment"
      helpers.allowed_operations[helpers.request_operation]
      container = helpers.deployment_containers[_]
      not container.resources.requests.cpu
      msg = sprintf("%q: Valid resources.requests.cpu element not found in %q container. Resource ID (ns/name/kind): %q", [helpers.deployment_error,container.name,helpers.request_id])
    }

    deny[msg] {
      helpers.request_kind = "Deployment"
      helpers.allowed_operations[helpers.request_operation]
      container = helpers.deployment_containers[_]
      not container.resources.requests.memory
      msg = sprintf("%q: Valid resources.requests.memory element not found in %q container. Resource ID (ns/name/kind): %q", [helpers.deployment_error,container.name,helpers.request_id])
    }